The stakes have rarely been higher.
As cybersecurity experts make their way to the one-armed bandits and scorching heat in Las Vegas for Black Hat USA 2024 next week, the specter of the CrowdStrike Inc. debacle looms large. More than a dozen vendors contacted by Techstrong insist the worldwide outage has created a level of interest in this year’s edition dwarfing previous shows.
“The CrowdStrike incident, irrespective of whether your product applies to it, from a marketing perspective will be like a coyote on a goat,” Gary Phipps, vice president of strategy at ProcessUnity, said in an interview. “If you don’t mention CrowdStrike, you might as well not show up.”
This month’s CrowdStrike episode — which impacted 8.5 million Windows PCs worldwide used by airlines, banks, media companies, and health care — highlighted an avalanche of events that also bedeviled SolarWinds, AT&T Inc. and Ticketmaster while playing to the fears of the technology-wary crowd.
Indeed, the number of data breach victims has skyrocketed 490% during the first half of the year, according to an IDC report that predicts data protection and recovery will be a top software infrastructure investment for businesses in 2025. [New regulation requires more timely reporting of breach disclosures in 8-K filings.]
What is more, a new report analyzing CISA’s Known Exploited Vulnerabilities (KEV) catalog revealed that 35% of organizations experienced a KEV in 2023 – 66% of which had more than one, 25% of which had more than five and 10% of which had more than 10.
Ironically, scores of companies attending the six-day conference are likely to benefit from the travails of CrowdStrike as the focus intensifies on cybersecurity fundamentals and investors put their money on hardened defenses.
“Every endpoint company, once in their life, has had a substantial problem that they learned from – whether it is CrowdStrike, Symantec or McAfee,” Corelight CEO Brian Dye said in an interview. The cybersecurity company recently raised the largest funding round in its seven-year history, $150 million, led by Accel Partners with participation from CrowdStrike and Cisco Systems Inc.
The CrowdStrike incident “brings to the forefront the operational risk in deploying security software,” Melissa Bischoping, director of endpoint security research at Tanium, said in an interview. “You have to implement safeguards along with the timeliness of updates. This underscores the need for more emphasis on resiliency planning.”
Absolute Security CEO Christy Wyatt said the incident highlights the need to shift the perception of cybersecurity from a mere IT/departmental issue to the broader concept of cyber resilience as a key part of holistic business resilience.
Discussions about CrowdStrike at Black Hat will likely emphasize prevention strategies, the impacts of similar incidents, and the importance of diversifying security vendors to build more resilient systems, says Expel Chief Information Security Officer Greg Notch.
“Ultimately, CrowdStrike is one of the strongest vendors in the EDR space,” Chris Thompson, global head of IBM Corp.’s X-Force Red, said in an interview. “CrowdStrike will learn from this, with more transparent updates and better software release testing.”
“I’m much happier that it was from a bad update vs. a vendor being compromised” like SolarWinds, which triggered a supply-chain incident that impacted thousands of organizations, including the U.S. government, Thompson said.
“The world got lucky in that [CrowdStrike] was a bad signature push,” he added. “I think it was a good wakeup call in thinking about disaster recovery, without GPS or relying on a dispatch system from the 1970s in its place.”
“So, what lies ahead? Look to SolarWinds. The fallout from their 2020 breach was catastrophic — as it will be for CrowdStrike — U.S. regulators sued for fraud, citing neglected cybersecurity and severe vulnerabilities,” Mehdi Daoudi, CEO of Catchpoint, said in an email. “Moreover, the company faced relentless scrutiny, and CrowdStrike should brace for the same. As a security company, they must go the extra mile to prove their reliability.”
The narrative next week in Vegas, while disquieting, also offers a path for cybersecurity companies to enrich themselves.
Companies with advanced cybersecurity performance create 372% higher shareholder return compared to peers with more basic cybersecurity performance, based on research from Bitsight and Diligent.
In addition to Corelight and its record funding haul, another major beneficiary of cybersecurity investment is 3-year-old startup Chainguard, which announced a record $140 million in series C funding last week.
Meanwhile, Wiz spurned Google’s $23 billion acquisition offer — presumably for a big IPO pay day.
Disinformation will also be a hot topic of conversation, particularly as AI “lowers the barrier to entry and scales misinformation campaigns in real time,” Bischoping said. It also marks the first presidential election since the emergence of genAI some 18 months ago, and in a year when half the world is going to the polls.
On Wednesday, a new report, “Phishing in Focus: A 2024 Mid-year Report on AI, Disinformation, Election and Identity Fraud,” identified 24 separate nation-state groups attempting to exploit rising political tensions ahead of the U.S. presidential elections, according to Bolster.ai.
Generative AI has led to a 1,200% surge in phishing attacks, which could be applied to the quick spread of political misinformation in a hotly contested election, according to Nick Carroll, cyber threat intelligence researcher at Nightwing.
“AI is a weapon of mass deception,” Xage Security CEO Geoff Mattson said in an interview.
Security experts liken the threat of misinformation ahead of a U.S. presidential election to the latest iteration of a Cold War pitting America against nation states such as Russia, China, and Iraq unleashing an active measures campaign.
Dan Lowden, chief marketing officer of Blackbird.ai, estimates more than half of the Black Hat talks will revolve around foreign information manipulation and interference, pointing to panels such as research from former NATO analyst Franky Saegerman.