Hard Learned Lessons from Black Hat 2023
This year’s Black Hat USA event was a record-breaker, bringing together more than 22,750 attendees to experience firsthand the latest research, development, and trends in information security (InfoSec).
On stage, cybersecurity experts implored audiences to rethink identity and access management as AI can be leveraged by organizations for incident response and by advanced persistent threat (APT) groups — often nation-state backed — to impersonate identities and orchestrate large-scale attacks.
There was pent-up excitement in the Business Hall and a sea of new and established vendors jostling for attention, a sign that the cybersecurity industry is reaching new heights of innovation and maturity.
But if you look past the spectacle and listen closely, attendees are asking the right questions: “When valid or stolen credentials are used in 4 out of 5 data breaches, how do you protect the identity perimeter?” or “How can we evolve our cybersecurity strategies with AI?”
SaaS Identities: Do You Have Full Visibility or Control?
There’s a strongly held belief among IT leaders and security practitioners that vendors and cloud providers have their SaaS applications covered. We heard this on the show floor and from 600+ cybersecurity practitioners from across the globe we recently surveyed.
Our latest State of SaaS Security Posture Management Report (2023) confirms this overconfidence and optimism: 85% of respondents indicated that they are confident that their company and customer data is secure in their organizations’ SaaS apps. But 79% of respondents say that their organization had identified SaaS cybersecurity incidents over the past 12 months.
Are they secure or just unaware?
“The current state of identity and access management in SaaS is that most organizations are confidently incorrect.”
Brendan O’Connor, CEO and Co-Founder, AppOmni
In his presentation, Brendan O’Connor examined Identity risk within the SaaS ecosystem. He broke down the various Identity types that can access a SaaS environment, from internal users to guest users to machines, and the unique risks each poses, referencing several high-profile SaaS breaches in which identities were stolen and API keys compromised.
Navigating the Emerging Security Risks of AI and LLMs
AI has certainly disrupted the cyber landscape, unlocking avenues for task automation and process optimization. But as companies and SaaS providers embrace these capabilities, the surge in associated cyber risks raises a pressing question: How prepared are we to navigate the potential threat of AI and LLMs?
Joseph Thacker, Sr. Offensive Security Engineer with AppOmni Labs, shared with HackerOne co-founder and fellow panelist: “The biggest security risk of implementing AI and LLM features into applications is exposing them to sensitive data or state-changing actions. The hard thing about that, though, is the fact that there is a huge financial incentive to do so.”
If a SaaS provider incorporates AI into their features, malicious actors can perform prompt injection attacks. They can deceive the AI to deviate from the intended actions as dictated by the system’s backend and gain access to sensitive company data.
Security and IT teams must discuss and configure new methodologies for how to secure AI and LLMs. Given the unique features of these systems, relying solely on writing code to give AI instructions on navigating security threats is insufficient. Instead, security and IT teams must employ a form of “social engineering” to mitigate potential risks.
“The more data you give the LLM, the better and more tailored its output will be. If it can automatically create, modify, or fix things, then it is basically free labor. This tension is what will cause many vulnerabilities,” said Thacker.
Speaking at BlackHat and DEF CON about AI and Security was a massive honor and bucket list item. I really appreciate the following that helped enable it.
Joseph Thacker, Principal AI Engineer and Security Researcher at AppOmni
Conclusion
After 40,000+ steps around Las Vegas and record-shattering numbers for Black Hat’s 26th year, it’s evident that cybersecurity leaders and practitioners are eager to secure their organizations’ most sensitive data, end-user identities, and credentials.
We’ll continue hear about compromised end-user identities and SaaS-to-SaaS connections (the new East-West cloud movement), which add to the growing incidence of SaaS attacks.
AI and LLMs are the new frontier. Cybersecurity practitioners and threat actors alike will want to leverage this technology to get ahead of offensive and defensive strategies. And Thacker’s packed panel with HackerOne is a clear indication that preparation is necessary for what lies ahead.
Until next time, stay safe!
Related Resources
-
AppOmni Named a Leader in the 2024 GigaOm Radar for SSPM
This blog discusses why GigaOm identified AppOmni as a leader in SaaS Security Posture Management (SSPM) and all the capabilities the platform provides.
-
AppOmni and CrowdStrike Partner to Transform SaaS Security
Read the blog to see how CrowdStrike and AppOmni come together for a more secure SaaS environment for organizations.
-
Enterprise ServiceNow Knowledge Bases at Risk: Extensive Data Exposures Uncovered
Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.