Black Hat Set to Expose More Than 30 Zero-Day Flaws

Over the years, the Black Hat USA security conference has built a reputation around being the place where new security vulnerabilities are disclosed, and 2015 will be no exception. Defensive approaches to security will also be a key theme at the upcoming Black Hat USA 2015 briefings event, which starts Aug. 4.

Steve Wylie, general manager of the Black Hat conference, explained that content for the Black Hat USA event is selected by an independent review board of industry experts. “Our content comes from the community,” Wylie told eWEEK.

For the 2015 event, Wylie said that he has seen an uptick in the submission and selection of topics that deal with malware defense as well as mobile technologies. True to its historical form though, zero-day vulnerabilities will also be a key theme at Black Hat USA 2015, Wylie noted.

Black Hat 2015

“We have 32 different zero-day vulnerabilities that will be disclosed at the event,” Wylie said. “The zero-days come from a broad swath of topics, including mobile and SCADA [supervisory control and data acquisition] systems.”

In preparation for the event, the Black Hat conference organizers conducted an attendee survey to gauge the perception and the reality of the current security landscape. The study, based on responses from 460 IT management and security professionals, pointed to the difference in priorities over what is really important in security.

“There is a gap between priorities and where enterprises are spending time and resources,” Wylie said.

More than half (57 percent) of survey respondents indicated that sophisticated attacks ranked as the top concern. Yet when asked about how time and resources are spent, 35 percent of respondents indicated that dealing with security vulnerabilities introduced by their organizations’ own application development teams, consumed the most time on an average day. In contrast, looking at sophisticated attacks only consumed 20 percent of respondents’ time on an average day.

Threat Survey

There is also a gap when it comes to social engineering-based threats, which 46 percent of respondents cited as a key concern. Yet when it comes to time spent, it represented 31 percent.

The media is also playing a role in fueling the gap between security perceptions and reality.  The study found that 41 percent of respondents hold the opinion that media coverage on domestic surveillance concerns has been overplayed, while 27 percent thought there was too much media emphasis on hacktivists and politically motivated security incidents.

Another key trend that the study identified is the IT security skills gap in the enterprise. Only 36 percent of respondents indicated their companies have all the job skills they require, while 55 percent admitted that additional training would be helpful. On a positive note, only 9 percent indicated that they are not prepared to deal with potential future exploits.

The Black Hat research comes as increasing numbers of organizations are now admitting they have been the victim of a breach.

A QuinStreet Enterprise study released on April 30 found that 76 percent of surveyed organizations had experienced a damaging breach within the past 12 months.

Are you a security pro? Try our quiz!

Originally published on eWeek.