EMA Blog: Business Intelligence and IT Management

In an era rampant with cyber threats, the security of passwords and identity remains a critical concern. According to HaveIBeenPwned.com, over 12 billion credentials were compromised online as of March 6, 2024. This staggering figure underscores the vulnerability of password-based authentication systems. Most (if not all) of these involve compromised passwords, and often expose not only a compromise to the originally affected domain or web application, but also multiple accounts utilizing the same email address and password.

The Dynatrace Perform 2024 conference delivered a plethora of insights and forward-looking perspectives this month. Throughout the conference, the event encompassed keynotes, breakout sessions, customer panels, and hands-on training, offering a holistic view of the latest trends and innovations in the tech industry. The overarching theme, "Make Waves," encapsulates the imperative for transformation and disruption in the tech industry. It underscores the need to drive substantial change and progress amidst evolving trends.

The Black Hat Europe 2023 conference, a gathering of cybersecurity professionals and experts, delved into the intricate world of cybersecurity, exploring emerging threats, innovative defense strategies, and the pressing need for collaboration between the private sector and government entities. Here's a breakdown of the key takeaways and highlights from a few of the conference sessions.

Every year, technology enthusiasts and industry leaders gather at the serene Rocky Gap in Western Maryland for Tech at the Gap, an event that has earned the reputation of being one of the hidden gems of Maryland's tech conference scene. This year, the conference's theme, "Decoding Intelligence," promised to unveil the mysteries behind artificial intelligence and its transformative potential. With an impressive lineup of keynote speakers and breakout presenters, the event did not disappoint.

The stage was set, the players were ready, and Black Hat USA 2023 delivered a cybersecurity spectacle that left no doubt—this was a game-changing event. As we unpack the highlights, one overarching theme emerges: a united front against ever-evolving threats. From generative AI to cloud security and a glimpse into the future of defense, this year's conference illuminated the power of collaboration and innovation. Amidst these pivotal discussions, one revelation—the TETRA:BURST vulnerabilities—took center stage, leaving an indelible mark on the field.

Last week, I had the privilege of attending ConnectWise’s IT Nation Secure conference. The three-day conference focused on managed service providers (MSPs) – specifically, how those MSPs can better secure and protect small businesses and midmarket companies. If you haven’t attended this conference in the past but have attended others, I highly recommend attending the ConnectWise IT Nation Secure conference due to the unique perspective they provide for the cybersecurity industry.

The 2023 RSA Conference was one of the largest and most impactful cybersecurity events of the year. The conference brought together a large number of exhibitors, training sessions, and sponsor briefings and generated a lot of buzz on social media platforms, such as Twitter and LinkedIn. We took some time to analyze the data from social media and the conference and found some interesting trends.

As of January 2023, Over 194,000 Systems on Internet Still Vulnerable to Heartbleed

The Bleeding Heart of the Internet

In April 2014, the Heartbleed vulnerability was publicly disclosed, sending the information technology world into a panic and rushing to patch this critical vulnerability in OpenSSL, which was allowing the theft of information directly from the memory of vulnerable systems, including private keys and other secrets. This vulnerability featured extremely easy exploitation by attackers, leaving no trace of attacks. Heartbleed ultimately resulted in many late nights for most of the information technology industry, who worked to implement and validate patches for open and closed source products that have integrated the OpenSSL libraries – which accounts for an extremely large percentage of technologies connected to the internet.

It’s time to circle the wagons and defend the data and users

As the world reopens, the conference booths light with excitement and empty expo halls are once again filled with hustle and bustle. I thought it important to take a moment and look at what changed in the past two years and where the security industry has room for improvement. This was the first in-person RSA Conference, and likely the first major security conference at all for that matter, with large in-person attendance after the peak of the COVID-19 pandemic. While the conference looks very similar to conferences before the pandemic, the cybersecurity industry landscape has drastically changed.

Long gone are the days of simple, signature-based defenses against cyber-threats.

Cyber-threats are growing at an exponential rate in the perpetual cat-and-mouse game of cybersecurity, and traditional approaches to cybersecurity are struggling to keep pace. In 2021, anti-malware vendors estimated that they detected between 300,000 and 500,000 new pieces of malware every day. That means than in 2021 alone, over 100 million new pieces of malware were created. Even if cybersecurity vendors can keep up with the sheer volume of new pieces of malware, traditional signature-based and even heuristic-based detection algorithms will struggle to keep up – and that’s only for known malware.