The Locknote presentation at Black Hat Europe 2021 discussed the pressing issues facing the InfoSec community and the impact of emerging trends on future InfoSec strategies.
- Security research has changed because of the pandemic and the resulting lockdowns.
- The need to secure critical infrastructure was discussed, but there is still debate over what is considered critical.
- There is a shift towards putting people first in security, both on the user side and the security team side.
- Responsibility for vulnerabilities is still a big issue, with chains of responsibility being broken and circular.
- Newcomers to the industry can find bugs in old technology that has been overlooked.
- The psychological aspects of designing systems to be compatible with humans and preventing burnout in the security industry are important.
- There is a need for a separate vulnerability database for clouds to better understand the impact of vulnerabilities.
The presenter noted that security research changed during the pandemic, with hackers having more free time and causing issues in software and hardware security. They also mentioned the misconception that old technology is safe and has been thoroughly checked for bugs, citing the discovery of the DD6 vulnerability in sudo, which had been overlooked for years. The presenter emphasized the importance of putting people first in security and the need to design systems that are compatible with humans and prevent burnout in the industry.