The 21st annual Black Hat USA Conference took place this week as security professionals from all over the world gathered in Las Vegas to take in the latest security research, trends and technologies. This year's event was expected to have the highest turnout in the conference's history, with 17,000 to 20,000 individuals in attendance.
Security is obviously the name of the game at Black Hat 2018, but right from the opening speech, it was clear privacy was going to have a presence at the yearly expo. All you had to do was listen to Black Hat Founder Jeff Ross, who cited two major privacy laws in the conference's first address when discussing the politicalization of cybersecurity defense.
“The [EU] General Data Protection Regulation, that’s political, and soon we might have a California law to deal with,” said Ross. “Business models are running smack into political models.”
Having the California Consumer Privacy Act of 2018 and the GDPR mentioned right off the bat signals privacy's growing impact in the business world. This new era of privacy was echoed on one Black Hat panel.
"A New Era of Privacy & Data Security" featured BigID Senior Director of Privacy Strategy Debra Farber CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, Schellman & Company Senior Associate Amber Welch, CIPP/E, Demistro Co-Founder Rishi Bhargava and Acalvio Technologies Head of Marketing Rick Moy. The panel discussed differences between personal data definitions in the EU and U.S., the risks organizations face when fulfilling data subject access requests and the importance of collaboration between privacy and security teams.
The panel also covered how marketers and hackers perform their duties in similar ways, just from different angles and vastly different motivations. They also shared advice on creating a privacy compliance program, addressing GDPR duties such as the data breach notification requirement and hiring data protection officers.
Another panel discussed pressing industry issues in a conversation about the future of privacy. Speakers for this group were Future of Privacy Forum Policy Counsel Stacey Gray, CIPP/US, Synopsys Principal Scientist Sammy Migues, UL Solutions and Cybersecurity Business Development Director Justin Heyl and author and journalist Kim Zetter.
The GDPR was just one of the areas the panel spoke on, as the conversation ranged from discussing the public's shifting attitude towards privacy and how consumers are still willing to trade data for goods to data ownership in health care. As genomic data becomes more of a hot commodity, privacy issues will continue to swirl, especially as the data could be used to not only identify a data subject, but also implicate other people as well. In a well-publicized example, DNA from a test was used to identify the Golden State Killer earlier this year. The group also discussed companies having to self-regulate themselves in order to fill in the gaps not covered by regulation, primarily in the U.S.
For Computer Reseller News's countdown of "20 Hot Cybersecurity Products Announced at Black Hat 2018," two of the listed solutions touted their GDPR-compliance capabilities as vital functions. Proofpoint's Targeted Attack Protection Isolation allows an organization to analyze web content for safe internet use for its employees, complying with the GDPR by "enabling employers to establish a filtered, proxied, anonymous, and secure internet service for personal webmail and browsing use." CRN also included the Synopsys Seeker 2018.07, which helps an organization map out all of the sensitive information it has in its possession to keep it in line with the EU rules.
The security world has no choice but to keep its eyes on the GDPR. Inside Cybersecurity conducted an interview with Kudelski Security CTO Andrew Howard and Governance Managing Director John Hellickson. In the interview, the executives said the GDPR is the top issue they hear about from their clients and that corporate reaction has ranged from companies taking a proactive approach to others waiting for enforcement actions before making their next moves.
Of course, privacy covers more than just laws and enforcement actions. Black Hat 2018 featured other interesting technology developments. Blackberry unveiled a new service it claims can reverse ransomware attacks, while CBS News reported on hackers potentially using facial recognition together with artificial intelligence, known as "deepfakes," to affect political campaigns. Facial recognition is also at the heart of a new open-source tool created by Trustwave researchers. Called Social Mapper, the tool can identify Facebook, Instagram, Twitter and LinkedIn users based on their name and picture.
IBM researchers released a report detailing the vulnerabilities it found within smart city systems, and VirusBay Co-Founders Dani Goland and Ido Naor spoke with PC Magazine about how tools created to protect security can remove personal and company information.
Though Black Hat is primarily a security conference, it's clear privacy continues to play a growing and more significant role in the security and business worlds.
photo credit: the lost who dream in binary via photopin (license)