The reality is that users are consistently showing us the root of the problem: there are things about cybersecurity they don’t understand — or that they don’t understand the consequences of. And it’s this lack of knowledge that is leading them to make poor decisions. The question is whether we’re doing enough to remediate that aspect of the issue.
In my opinion, it’s time we take a more holistic view of incident response. If a human is part of the process, you can’t just remediate the device and look to technology to solve the problem; you also have to work to address the knowledge gaps of the user. In the past ten years, we’ve seen the proliferation of APIs, with almost every piece of software we use providing a programmatic way to connect it to something else. As security professionals, we should be looking and pushing vendors to help bridge the gap between systems and enable us to address our challenges more completely.
Ultimately, I walked away from Black Hat encouraged. Sure, there were a lot of exploits discussed, and a lot of scary things that can happen. And I’m certain all of us have security challenges we wish we were tackling better. But even as we all face pressures to minimize downtime and get compromised devices and systems back up and running as quickly as possible following end-user errors, I encourage you join me in periodically taking some time to think about the bigger picture. While we absolutely need to fix problem instances, we also need to think about root causes, particularly in the case of problems (like successful phishing scams) that present themselves with regularity.
Too often we focus on what’s directly in front of us and don't consider the fundamentals. Just as we’ve used technology to enhance and advance other processes, I believe we can use it to do the same for end users’ recognition of and response to cybersecurity threats. Fortunately, the technology is already there to share information between systems; we just need to identify when and where it makes sense to do so. This is something I intend to continue to think about and push forward for end users, and I’m excited to hopefully hear how others have taken this message and applied it at next year’s Black Hat.