CREST is intensifying its efforts to foster growth and development among cyber security service providers worldwide. Through its innovative Cyber Accelerated Maturity Programme (CREST CAMP), CREST is actively supporting companies in regions seeking to enhance their cyber security capabilities.

The programme will run in Armenia, Bahrain, Georgia, Ghana, Kenya, Lithuania, Malaysia, Thailand, Oman and the Philippines from September 2024 to March 2025, aiming to boost cyber security maturity and emphasise the private sector’s critical role in national security. This pilot is expected to be the first of many as development agencies, multilateral banks, and philanthropists increasingly recognise the pivotal role of private cyber companies in protecting critical national infrastructure and broader societal needs.

With funding from the UK’s Foreign, Commonwealth & Development Office (FCDO), the program offers targeted mentoring, training, and guidance to help companies navigate the CREST Accreditation Pathway. By providing a structured framework for professionalisation, CREST CAMP aims to set new standards for growth and sustainability within the cyber security ecosystems of participating regions.

This initiative marks a significant shift in development funding priorities. Traditionally, the majority of cybersecurity capacity building grants have been directed toward government agencies. However, CREST CAMP recognises the critical role of the private sector in safeguarding national security. By addressing the gap in private sector support, the program aims to ensure that governments and businesses alike have access to high-quality cyber security services.

CREST CAMP officially launched at the Wilton Park Dialogue on ‘Securing Technology: Sustaining a High Quality Cyber Security Workforce’ on September 17, 2024. This event highlighted CREST’s expanding role on the global stage and its commitment to supporting the development of sustainable cyber ecosystems.

A key element of CREST CAMP is collaboration. By leveraging its global network of CREST accredited member companies, training providers, and academic partners, CREST actively works to improve cyber security standards. The program involves intensive mentoring from established member companies, providing guidance on professional growth, accreditation, and market expansion. Additionally, CREST CAMP supports the development of affordable, high-quality training provision within participating countries to ensure a sustainable cyber workforce.

For CREST member companies, mentoring through CREST CAMP offers an opportunity to contribute to the future of the global cyber ecosystem, establish long-term partnerships, and support countries in their early stages of standard-setting and regulation. By offering intensive support to beneficiary companies, mentoring companies can help them deepen their understanding of methodology, policy, or skills gaps, make initial enhancements, and create a comprehensive gap closure plan.

CREST CAMP is expanding the reach of cyber security capacity building, acknowledging that sustainable development and security require high-quality cyber security providers throughout society. This program represents a crucial step in ensuring that all parts of the global economy, from government agencies to private enterprises, can access the expertise needed to protect against evolving cyber threats.

CREST CEO Nick Benson said: “We are delighted to launch CREST CAMP, which is part of our increasing role supporting companies globally on their journey of professionalisation and growth. CREST’s active work in global capacity building is essential for those companies that need more support and guidance. Thank you to the FCDO for supporting CREST CAMP.”

Benson continues: “CREST member companies around the world, as mentors and examples of what good looks like, will play an important part in this crucial work. In today’s increasingly interconnected global market we must look beyond our own national borders to do the hard work that makes us all safer from cyber threats.”

CREST will be exhibiting at this year’s International Cyber Expo, held at Olympia London on the 24th and 25th September 2024. They can be found at the CREST Pavilion, K50/6. To register for your free ticket to this year’s show, visit: International Cyber Expo 2024 Registration

The post CREST CAMP: A Catalyst for Global Cyber Security Growth appeared first on IT Security Guru.

The popular Cyber Wellbeing Corner will return to this year’s International Cyber Expo, in partnership with popular wellbeing and productivity platform The Zensory. The Cyber Wellbeing Corner, a space dedicated to the wellbeing of cybersecurity professionals, will return to the event, held at Olympia London on 24th and 25th September 2024, for the second consecutive year. The initiative was a first for cyber industry exhibitions globally in 2023, showing ongoing commitment to bettering the wellbeing of cybersecurity professionals.

Cybersecurity professionals, often the unsung heroes of our digital age, face immense pressure and stress in their roles. One study revealed that over half of cybersecurity professionals have reported feelings of depression or anxiety due to work-related overwhelm. To address this growing concern, it’s imperative to create safe, neuro-inclusive spaces for cybersecurity professionals to decompress. Initiatives like the Cyber Wellbeing Corner provide a much-needed sanctuary for those working on the front lines of digital defence.

This year’s interactive Cyber Wellbeing Corner will be nature themed, as research has shown that being in or around nature has a plethora of wellbeing benefits. Research by the Mental Health Foundation found that nearly two-thirds (65%) of people experience positive emotions (calmness, joy, excitement or wonder) from being in nature. The survey also found that 70% of UK adults believe being close to nature improves their mood and nearly half (49%) reported that being close to nature helps them to cope with stress. Additionally, one study found that just viewing images of naturescapes reduced stress levels, due to the activation of the parasympathetic nervous system. As exhibition spaces can be overwhelming, with lots of noise and bright lighting, this will likely be a welcome addition for visitors. 

This year, The Zensory will create a serene oasis, offering aids to help attendees feel calm and relaxed. The Corner will be an immersive space that brings the outdoors inside. Research has found that listening to naturescapes has a physiological effect on the body, reducing fight-or-flight instincts and increasing relaxation. There will also be wellbeing experts on hand from The Zensory, who can signpost professionals to external places of support, as well as advise business leaders on workplace wellbeing strategies.

The Cyber Wellbeing Corner initiative, spearheaded by Nineteen Group, organisers of International Cyber Expo, and The Zensory, won an award for Best Use of Partnership at this year’s EN Marketing Awards. The award was a reflection on the success of the zone, as well as a testament to the industry’s need for similar spaces. 

Jasmine Eskenzi, Founder and CEO of The Zensory, said: “The 2023 Cyber Wellbeing Corner was an important space for both the show and the wider industry. The Corner set a precedent for other exhibitions across the industry and took a powerful stance against industry-wide burnout. We’re proud to be involved with the expansion of this award-winning space and look forward to discussing healthier work habits with visitors at the show.” 

Visitors to the International Cyber Expo will also be able to try The Zensory app on The Zensory’s own stand (located K40). The Zensory is an immersive, evidence-based wellbeing and productivity platform that helps users transform their mood, elevate their work habits, and promote a state of focus and/or relaxation. 

Jasmine Eskenzi, Founder and CEO of The Zensory, will also be joining Andrew Rose, Chief Security Officer of SoSafe, and Chris Denbigh-White, CISO at Next DLP, for a discussion on burnout on the Diversity & Skills Stage on Day One of the Expo (Combating Burnout to Protect Both Your Data and Your Ethics, 14:00 pm). The discussion will focus on the impact of burnout on security teams and how managing human risk is key to protecting an organisation and its people. The panel will discuss pragmatic solutions to help professionals thrive in today’s cyber industry.

Jasmine Eskenzi continues: “At The Zensory, our aim is to create a cultural change within the industry. In order to do this we want to demonstrate ways in which wellbeing can be practised in everyday life, showing how simple it can be. We want to show that wellbeing isn’t a tick box exercise, but is a major paradigm shift that must happen within the industry in order to make a more sustainable future. That’s why spaces like these are so important at shows.”

The Cyber Wellbeing Corner will be located within the International Cyber Expo, taking place at Olympia London on the 24th and 25th September 2024. The space is also open for visitors of the co-located International Security Expo. 

The post ‘Cyber Wellbeing Corner’ Returns to International Cyber Expo appeared first on IT Security Guru.

International Cyber Expo is once again teaming up with CrisisCast, to deliver their renowned immersive demonstrator experience, alongside exhibitors at this year’s highly anticipated event. Held at Olympia London on the 24th and 25th of September 2024, the Expo will showcase cutting-edge solutions and thought leadership in cybersecurity.

CrisisCast, known for simulating crisis environments to address emerging security challenges, will offer visitors a unique opportunity to step into the shoes of an Executive Board navigating real-life cyberattacks. Attendees will gain first hand experience of the psychological pressures faced by both attackers and decision-makers, while also observing recommended response strategies for various cyber scenarios.

As cyber threats are constantly changing, it is clear to see that an increasing number of people are fearful of the UK’s ability to combat these threats. A recent survey, conducted on behalf of International Cyber Expo, showed that a staggering 78% of people in the UK are worried about the reliance global organisations have on IT systems and software providers. The CrisisCast Immersive Demonstrator gives visitors the chance to see how organisations are able to tackle the latest cyber threats, like those that are feared by the public.

At the event, leading cybersecurity exhibitors will collaborate with CrisisCast to simulate and respond to real-time cyber attack scenarios on stage. Leveraging CrisisCast’s advanced film and stage techniques, this immersive experience—featuring skilled actors and renowned production teams—will bring highly realistic crisis management simulations to the International Cyber Expo.

Joining the CrisisCast team on stage will be an impressive line-up of exhibitors, including:

  • On day one, Security HQ, METCloud, Legit Security and Safenames
  • On day two, Cyber Chain Alliance, Zurich Resilience and Cofense

The CrisisCast Immersive Demonstrator joins an already impressive line-up of things to see and do at this year’s International Cyber Expo. The Global Cyber Summit, which will run across both days of the event, will be focusing on a range of relevant topics from emerging technology to geopolitics, crime and disinformation. Similarly, The Tech Hub Stage will showcase the newest innovations hitting the market, giving visitors a unique opportunity to speak to vendors first hand.

The CrisisCast Immersive Demonstrator can be found at Stand N30.

To register for FREE as a visitor: https://international-cyber-expo-2024.reg.buzz/glonal-cyber-summit-press-release

The post Real-Time Cyberattack Simulations Take Centre Stage at International Cyber Expo 2024 with CrisisCast appeared first on IT Security Guru.

Nineteen Group, organisers of International Cyber Expo, today proudly announce the programme for the 2024 Tech Hub Stage. The conference, set to take place at Olympia London on the 24-25 September 2024, will give visitors from around the world the chance to explore real-world applications and in-depth case studies of the industry’s most groundbreaking new solutions.

With threats constantly evolving, innovative solutions to modern issues are sought by CISOs and security teams from across the world. The Tech Hub Stage gives visitors first access to product launches and revolutionary solutions, on a dynamic platform. Visitors are able to engage directly with technical experts, who can answer questions and advise on some of the industry’s most pressing issues. 

Like the 2024 Global Cyber Summit, The Tech Hub Stage’s forward-thinking agenda focuses on the key theme of resilience. On day one, Paul Kennedy, Cyber Security Technology Chief at QinetiQ, will be delivering a presentation on Secure by Design: What Do We Mean by Resilience, Katie Ralph, Director of Solutions Engineering EMEA at SonicWall, will be delivering a presentation on how to build cyber resilience, and, on day two, David Johnson, Director of Cyber Security at Communicate Technology, will explore how to rebuild after a cyber breach. 

Additional highlights from this year’s Tech Hub Stage agenda include: 

  • Principal Systems Engineer at Fortinet, Daniel Kendall’s presentation on combating AI-backed advanced persistent threats.
  • A joint session on taking LLMs to the edge by Ash Clayton, Edge Product Lead at Rowden Technologies, and Bernie Camus, Principal Machine Learning Engineer at Rowden Technologies. 
  • A deep dive into how to think like a hacker when it comes to building a strong cybersecurity posture by Elliott Wilkes, CTO at Advanced Cyber Defence Systems (ACDS)
  • A presentation on SOC tactics for efficient detection and reaction to next-generation threats delivered by Michal Kaczmarek, Security Operation Centre Manager at Trecom.

Rachael Shattock, Group Event Director at Nineteen Group, said: “With the technological landscape constantly changing, we’re proud to bring together some of the industry’s most revolutionary thinkers to showcase the latest tech that aims to keep us safe. The Tech Hub Stage is always a big draw for our international visitors, no doubt due to the latest tech on display and the invaluable chance to ask questions to the technical experts directly.”

Attendees can also explore the most cutting-edge innovations in physical security at the co-located International Security Expo. There is also a full programme of presentations by high-profile figures from the UK government, the National Protective Security Authority (NPSA), and other industry leaders. Topics will include modern counter-terrorism, the UK’s role in global security, and future security in the face of evolving threats.

While it continues to be refined, you can find the latest Tech Hub Stage programme and details about speakers, here: https://www.internationalcyberexpo.com/tech-hub-stage

To register for FREE as a visitor: https://international-cyber-expo-2024.reg.buzz/glonal-cyber-summit-press-release

The post International Cyber Expo’s 2024 Tech Hub Stage Agenda Showcases the Future of Cybersecurity Innovation, From AI to Automation appeared first on IT Security Guru.

It has been announced that Check Point Software has joined as a sponsor for this year’s Security Serious Unsung Heroes Awards. Check Point joins KnowBe4, Hornet Security, ThinkCyber, Pulse Conferences and The Zensory as key sponsors of this year’s event. The awards are also supported by Computer Weekly, Security On Screen and the IT Security Guru. 

The Security Serious Unsung Heroes highlight the exceptional talent within the UK’s cybersecurity community, recognising professionals who excel in their field, often without recognition. From frontline defenders and innovative leaders to educators nurturing future talent, these awards celebrate those making a difference. The focus extends beyond technical expertise, honouring individuals championing diversity and promoting employee wellbeing within the industry. By recognising these contributions, the awards aim to elevate the cybersecurity sector and inspire future achievements.

“In a rapidly evolving digital landscape, it’s the people who make the difference in ensuring our safety. The Security Serious Unsung Heroes Awards are a testament to the resilience and expertise of those who protect our cyber infrastructure,” said Emilie Beneitez Lefebvre, Head of Public Relations Asia Pacific & Japan, EMEA & LATAM at Check Point Software. “Check Point is thrilled to be a sponsor this year, as we believe in the importance of recognising and celebrating the unsung heroes who make the UK a safer place for all.”

Entries are now open, which includes filling in a short form detailing why the person deserves the award. Nominations will remain open until 5pm on the 6th of September 2024, before closing for review by an esteemed panel of judges.

The awards are judged by an esteemed panel of respected industry figures. So far judges include:

  • Jenny Radcliffe, author and world-renowned people hacker
  • Shan Lee, CISO at DocPlanner Group and 2023 CISO Supremo winner
  • Yvonne Eskenzi, lead organiser and director of Eskenzi PR
  • Javvad Malik, lead security awareness advocate at KnowBe4
  • Rebecca Taylor, Threat Intelligence Knowledge Manager at Secureworks and 2023 Diversity Champion winner
  • Tim Ward, CEO of ThinkCyber
  • Emilie Beneitez Lefebvre, Head of Public Relations Asia Pacific & Japan, EMEA & LATAM at Check Point Software
  • Irvin Shillingford, Regional Manager Northern Europe at Hornetsecurity

Nominees, nominators, and their guests are then invited to a celebratory evening hosted on the 16th of October 2024 at St Barts Brewery in London to coincide with Cybersecurity Awareness Month. With thanks to sponsors, the Security Serious Unsung Heroes Awards are free to enter and to attend, setting it apart from other industry awards.

“People are, and always have been, at the heart of the cybersecurity industry. However, with so many threats and so much technological development, it can be easy to lose sight of the great people behind the scenes keeping us all safe. The cybersecurity community is full of people who are passionate about keeping businesses and the public safe from the threat of cybercrime, at any cost, and it’s important that we celebrate them as the heroes that they are,” said Yvonne Eskenzi, Co-Founder and Director at Eskenzi PR. “The Security Serious Unsung Heroes Awards are a brilliant way for us to give back to and celebrate the efforts of the cybersecurity community!”

Categories this year include:

  • Cyber Writer
  • Godparent of Security
  • Data Guardian
  • CISO Supremo (sponsored by Hornet Security)
  • Security Avengers – Best Team
  • Best Educator
  • Best Ethical Hacker/Pentester
  • Rising Star
  • Security Mentor
  • Best Security Awareness Campaign (sponsored by KnowBe4)
  • Diversity Champion
  • Cybersecurity Wellbeing Advocate (sponsored by The Zensory)

For more information, visit: https://www.securityserious.com/unsung-heroes/

To nominate, visit: https://docs.google.com/forms/d/e/1FAIpQLScFLluWtvLjwN_2YFC8GqZDezURF3aVAWKaetJpVlsvrEZABA/viewform?usp=send_form

Irvin Shillingford, Regional Manager Northern Europe at Hornetsecurity said: “We are pleased to be supporting this year’s Security Serious Unsung Heroes Awards. It’s important that we come together as a community to celebrate the incredible individuals and teams who keep us safe. We’re particularly proud to be sponsoring the 2024 CISO Supremo category. CISOs are at the forefront of keeping organisations safe, but are under increasing pressure. It’s imperative that we recognise the exceptional work that these individuals do to protect their organisations and the wider public.”

Tim Ward, CEO of ThinkCyber, said: “I’m delighted that ThinkCyber is sponsoring this year’s Security Serious Unsung Heroes Awards. These awards highlight the incredible efforts of cybersecurity professionals who tirelessly work behind the scenes to protect our digital world. At ThinkCyber, we believe in the power of recognition and the importance of celebrating those who make our industry stronger, more secure, and more inclusive. It is an honour to be part of this initiative that shines a light on the true heroes of cybersecurity.” 

Rebecca Taylor, Threat Intelligence Knowledge Manager at Secureworks – “I am delighted to be a judge for this year’s Security Serious Unsung Heroes Awards. Winning ‘Diversity Champion’ in 2023 was a game changer for me, not only opening doors to new opportunities and relationships but giving me the confidence to keep pushing hard in my career, and for diversity, equity and inclusion across cybersecurity. I am excited to pass this – and the joy that comes with the awards – on.

I cannot wait to see the amazing pool of nominees and I am sure it will be no easy task whittling them down to the finalists! Please do nominate, whether it be an amazing individual, an organisation, or a self-nomination! All those making a difference in cyber deserve to be seen, heard, appreciated and celebrated.” 

Javvad Malik, the lead security awareness advocate at KnowBe4, expressed enthusiasm for sponsoring and judging the Security Serious Unsung Heroes Awards. He highlighted the importance of the event in recognizing the exceptional efforts within the cybersecurity community. Malik stated, “We look forward to sponsoring these awards every year to draw attention to the work that the industry and end-user organisations are doing throughout the year to educate employees and raise awareness among the public around dealing with cyber threats. In a year that’s been marked by yet more ransomware attacks, rampant phishing campaigns and the gaining pace of AI, it’s a welcome reprieve to celebrate the efforts made to keep the UK a safer place to do business.”

The post Check Point Joins Esteemed Sponsors of Security Serious Unsung Heroes Awards 2024 appeared first on IT Security Guru.

Command with Confidence: Insights from Andrew Bustamante

At the recent Take Command Summit, former CIA intelligence officer and US Air Force combat veteran Andrew Bustamante shared valuable tools, tactics, and techniques from elite intelligence agencies with Rapid7’s Americas Field CTO Jeffrey Gardner in an informal chat. His session, "Command with Confidence," offered cybersecurity professionals insights to enhance their security strategies with clarity and confidence.

Key Takeaways:

  1. The Four C's Framework: Bustamante introduced the "Four C's" framework—consideration, consistency, collaboration, and control. This structured approach is designed to build rapport, ensure consistent performance, and effectively lead teams by taking proactive control.
  2. Goal Setting Techniques: Highlighting a three-step framework for goal setting, Bustamante emphasized starting with SMART goals, then stretching them, and finally aiming for "scary goals" to push boundaries and achieve exceptional outcomes.
  3. The Power of Soft Skills and Persuasion: Bustamante explained how persuasion is rooted in emotional connections rather than logical arguments. By assessing individuals and understanding their emotional triggers, professionals can create compelling narratives that drive action. These soft skills are critical in building effective teams and leading security projects successfully.

"Consideration, consistency, collaboration, and control—these are the pillars of effective leadership and influence. Mastering these can make you unstoppable in any professional environment." - Andrew Bustamante

Survey Insight: We surveyed our attendees on the importance of soft skills versus technical skills in new security projects. The results showed:

  • 37.5% agree and 34.38% strongly agree that the security community prioritizes technical skills over soft skills.

Ransomware attacks are a significant threat, but with the right strategies and proactive measures, organizations can enhance their defenses and build resilience. To dive deeper into these strategies and hear more from the experts, watch the full video from the Rapid7 Take Command Summit.

Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules

Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals.

Here are three key takeaways from the session that are crucial for ensuring compliance and enhancing your organization's cybersecurity posture.

1. Understand Materiality and Disclosure Requirements

One of the most critical aspects of the new SEC rules is determining the materiality of a cybersecurity incident. Kyra Ayo Caros, Director, Corporate Securities & Compliance at Rapid7, said, "materiality in this context is what would be material for investors to know…what sort of incident would your stakeholders or stockholders need to know about?" This involves assessing the incident's impact on business operations and financial results. Companies must disclose material incidents within four days of determining their significance, highlighting the need for a robust incident response and evaluation process.

2. Foster Cross-Departmental Collaboration

Effective compliance with SEC rules requires coordination across various departments. Harley Geiger, Legal Counsel, Cybersecurity Services Group, Venable LLP, emphasized the importance of involving security, legal, and communications teams early in the process to meet disclosure requirements effectively. "Companies should ensure that security, legal, and communications teams are part of the process early on to collaborate on the most effective way of meeting these disclosure requirements." This collaboration ensures that all relevant information is accurately assessed and reported.

3. Build a Comprehensive Cybersecurity Risk Management Program

The SEC rules also mandate annual disclosure of cybersecurity risk management processes and the role of senior management in overseeing these efforts. Organizations need to describe how they integrate cybersecurity into their overall risk management and governance framework. "It’s crucial to provide an accurate snapshot of your cybersecurity processes and management’s oversight to ensure investor trust," said Ayo Caros. Ensuring these disclosures are accurate and reflect actual practices is vital for maintaining transparency and compliance.

57% of our post-event survey respondents found the complexity and scope of regulations to be the most inhibiting factor in abiding by the SEC Cybersecurity Disclosure Rules. Navigating these intricate requirements poses a significant challenge, often leading to compliance difficulties.

The SEC Cybersecurity Disclosure Rules require a strategic and collaborative approach to ensure compliance and transparency. Understanding materiality, fostering cross-departmental collaboration, and building a comprehensive cybersecurity risk management program are essential steps. For a deeper dive into these strategies and expert insights, click here to watch the full video from the Rapid7 Take Command Event.

Key Takeaways From The Take Command Summit: Enhancing Cybersecurity Culture

Building a resilient cybersecurity culture is crucial in today's digital landscape. The recent Rapid7 Take Command Summit session titled "Commander in Chief: Enhancing Cybersecurity Culture" offered valuable insights into fostering a strong security mindset within organizations.

Here are three key takeaways from the discussion that every cybersecurity professional should consider.

1. Align Security Objectives with Business Goals: Jaya Baloo, Chief Security Officer at Rapid7, emphasized the importance of aligning security goals with company objectives. "I rarely disjoint what needs to be done for security from the company's core values and core business." By integrating security initiatives with overall business goals, organizations can ensure that security measures receive the necessary support and resources.

2. Foster Empathy and Inclusion: Cultivating a cybersecurity culture that values empathy and inclusion is vital. Sofia Dozier, who leads Diversity, Equity, and Inclusion at Rapid7, highlighted the importance of understanding diverse perspectives within the workforce. "Empathy means putting yourself in someone else's shoes to understand their experience." By promoting inclusive behaviors, organizations can create a supportive environment where all employees are committed to security.

3. Navigate Complex Regulations with Clarity: A significant challenge for many organizations is navigating the intricate SEC Cybersecurity Disclosure Rules. According to a post-summit survey of attendees, 57% of respondents find the complexity and scope of regulations to be the most inhibiting factor in compliance. Baloo stressed the importance of transparency and honesty in security practices, warning against the dangers of "lying by omission" due to fear of repercussions.

Enhancing cybersecurity culture requires aligning security with business goals, fostering empathy and inclusion, and navigating complex regulations transparently. "Culture eats strategy for breakfast," Baloo said, emphasizing the critical role of a strong security culture in achieving cybersecurity success.

To delve deeper into these strategies and hear more expert insights, click here to watch the full video from Rapid7’s Take Command Summit.

Black Hat 2024: Key Takeaways and Industry Trends

What a week! As Hacker Summer Camp shifts into the rearview, it’s time to take a moment to reflect on the week, what we learned and the people we had the pleasure of meeting while out in Las Vegas. As is always the case at Black Hat 2024, the cybersecurity community was buzzing with the latest innovations and insights from their favorite vendors, industry speakers and training sessions. There was no shortage of information covered throughout the week, and with the sheer volume of it, it can be hard to catch everything going on. In this post I am going to do my part by attempting to summarize some of the key themes and takeaways from the event. So, with that, let’s get right to it.

  1. The rise of advanced threats: AI and machine learning at the forefront. One of the most striking themes at Black Hat 2024 was the sophistication of modern cyber threats. This year, sessions highlighted how attackers are leveraging artificial intelligence (AI) and machine learning (ML) to lower the barrier to entry, increase the scale and impact of attacks and circumvent traditional controls. From deepfake technology used in phishing schemes to AI-driven automated attacks, the industry is witnessing a new era of cyber threats that require equally advanced defensive strategies and continuous learning to ensure security teams keep pace with emerging trends and threat vectors.
  2. Zero trust and identity: the gradual shift towards never trust, always verify. Zero Trust was a major focal point at this year's event. Experts and vendors alike emphasized the importance of adopting a Zero Trust approach to cybersecurity. This model, which operates on the principle of “never trust, always verify,” aims to minimize trust within and outside the network. The shift towards Zero Trust reflects the growing need for more robust security frameworks that can handle today’s complex threat environment.
  3. Software supply chain security: extending your defense beyond the perimeter. Software supply chain attacks were a hot topic, underscoring the need for organizations to extend their security measures beyond their immediate environment. Black Hat 2024 reinforced the importance of securing not just your own systems but also those of your vendors, partners and the software dependencies that modern applications consist of. Discussions centered on strategies for improving supply chain resilience, shifting security visibility and gates earlier on in the development lifecycle and the role of continuous monitoring in mitigating these risks over time.
  4. Emerging technologies: navigating the new cybersecurity landscape. Black Hat 2024 showcased numerous emerging technologies and their implications for cybersecurity. Sessions explored the security challenges associated with Generative AI, blockchain, the Internet of Things (IoT) and Quantum Computing. As these technologies evolve, they bring both new opportunities and new risks, making it crucial for security professionals to stay informed and prepared.
  5. Training and awareness: building a culture of security. Many sessions emphasized the critical role of security training and awareness programs. With human error often cited as a leading cause of security incidents, organizations are increasingly focusing on educating their employees and fostering a culture of security awareness. Training programs that address current threats and promote best practices are becoming integral to comprehensive security strategies.

Keynote sessions did not disappoint

The keynote sessions at Black Hat are always one of my personal favorite parts, and this year was no exception. While there were a number of sessions I found insightful and well worth the watch, one in particular that stood out was Thursday’s Fireside chat with Moxie Marlinspike, the Founder of Signal, and Jeff Moss, the Founder of Black Hat and member of the U.S. Department of Homeland Security Advisory Council. During the session they covered a range of topics, but chief among them was the future of privacy and the balance between privacy and security.

Product launches: Surface Command and Exposure Command unveiled

Beyond rich discussions and cutting-edge presentations, we made some significant waves with the launch of Surface Command and Exposure Command, two exciting new product offerings designed to unify your attack surface and deliver effective hybrid risk management. We covered these new products a little more in-depth here, but to recap:

Surface Command: unifying your attack surface

Surface Command offers a unified view of both internal and external attack surfaces, breaking down data silos and providing a comprehensive picture of your environment. This tool helps organizations identify and address vulnerabilities more effectively.

Exposure Command: prioritizing critical threats with precision

Exposure Command extends these capabilities by enriching asset data with high-fidelity risk context, enabling teams to prioritize and address the most critical threats with greater precision.

These launches are a testament to Rapid7’s commitment to advancing cybersecurity and providing our customers with the tools they need to stay ahead of potential threats, and represent the next chapter in our mission to enable security teams to take command of their attack surface.

What’s Next for Rapid7?

Black Hat 2024 was a microcosm of the dynamic and rapidly evolving nature of the cybersecurity landscape. The insights gained and the innovations showcased will undoubtedly influence the industry’s approach to security in the coming years. As we move forward, the lessons from Black Hat and the invaluable direct feedback will inform our strategy and drive the development of new capabilities to meet the ever-changing demands of our customers and the industry at large.

As we wrap up our experiences from Black Hat 2024, it's clear that the cybersecurity landscape is evolving rapidly, with new threats and technologies shaping the way we approach security. The insights gained from the event, along with the direct feedback from industry peers, will be instrumental in guiding our strategy at Rapid7. We're excited to continue innovating and leading the charge in helping organizations take command of their attack surfaces. Stay tuned as we build on these insights to deliver even more powerful solutions in the coming months.

Key Takeaways From The Take Command Summit: Unlocking Security Success

As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, "Before, During, & After Ransomware Attacks," that every cybersecurity professional should consider.

1. Proactive Defense is Crucial: Fortify your defenses before an attack happens. According to the panel, comprehensive security measures such as regular patching, network segmentation, and user training are vital. Implementing endpoint detection and response solutions can significantly reduce vulnerabilities. Eddy Bobritsky said, "prevention is always coming before detection and response. Investing in proactive measures is crucial."

2. Swift Decision-Making During an Attack: During an attack, immediate and decisive action is paramount. Establishing clear protocols and communication channels can mitigate damage effectively. The panel highlighted the importance of isolating infected systems and restricting network access to contain the threat. Robert Knapp said, "swift decision-making is key to minimizing impact and ensuring a successful investigation."

3. Building Resilience After an Attack: Recovery is a multifaceted effort. Conducting thorough forensic analysis to identify the root causes of the attack and implementing robust data backup and recovery processes are essential steps. Lonnie Best said, "building resilience against the recurrence of ransomware attacks requires proactive security measures and regular security assessments."

Key Statistics

  • 65% of organizations impacted by ransomware in 2023 faced more than 6 days of downtime.
  • Ransomware payments were said to have topped $1 billion in 2023.
  • Rapid7 tracked 5600 reported ransomware cases between January 2023 and February 2024.

"No matter how much you invest in the before stage, it will always be cheaper than dealing with it afterwards." - Eddy Bobritsky, Senior Director, Product Management, Rapid7

Ransomware attacks are a significant threat, but with the right strategies and proactive measures, organizations can enhance their defenses and build resilience. To dive deeper into these strategies and hear more from the experts, watch the full video from the Rapid7 Take Command Summit.