Black Hat USA, the largest annual cybersecurity conference, is expecting record attendance in Las Vegas this week as high-profile breaches and election meddling fears dominate headlines.
More than 17,000 cybersecurity professionals from government, academia and the private sector are expected to turn out for the six-day show to attend some of the 80 training sessions and 120 briefings on offer. The show has nearly doubled in size since 2014.
“Security has become mainstream. It really has its hands in everything these days,” said Steve Wylie, the general manager of the show. “Companies are having to send more and more people to get training” as threats grow, he said.
The show kicked off Saturday at the Mandalay Bay Convention Center and wraps up Thursday.
Black Hat will feature 300 exhibitors, such as Cisco Systems, offering a range of services and products to protect networks or detect, identify and respond to breaches. Cisco announced Aug. 2 it will buy Duo Security for $2.4 billion, at least the company’s fourth acquisition of a cybersecurity firm since 2013.
Show attendees represent some of the largest companies in the U.S., including JPMorgan Chase, Blue Cross Blue Shield, Amazon, Nike, AT&T and Exxon Mobil, underscoring the ever-growing importance of security to all industries.
The first four days of Black Hat are dedicated to training sessions that focus on topics such as advanced hacking techniques, social engineering and cloud security to give employees the tools to better protect their companies and organizations.
The last two days of the show consist of briefings dedicated to a wide range of current issues. Election hacking will be a hot topic again this year along with critical infrastructure vulnerability, Wylie said.
A Black Hat survey of cybersecurity professionals published in June showed that nearly 70 percent now expect a successful attack against critical infrastructure, up from 60 percent last year.
Carsten Schuermann, a professor at the University of Copenhagen, will deliver a briefing Thursday on the vulnerabilities of the voting machines used extensively in Virginia elections during 2004 and 2015.
Other briefings will focus on hacking connected cars, cash machines and implanted medical devices.
Black Hat will occupy more space at the Mandalay Bay this year as the show grows alongside the industry, Wylie said.
But the breakneck growth is causing a severe industry labor shortage, security specialists said. Some companies and organizations, like the FBI, come to Black Hat in part to recruit.
There are currently about 250,000 job openings in cybersecurity around the U.S., according to Sam Olyaei, principal research analyst at Gartner Inc., a global research and advisory firm.
While that is down by half since 2016, the global shortage is forecast to balloon. Olyaei said the industry now expects there will be more than 3 million unfilled cybersecurity jobs globally by 2021, up from an earlier forecast of 1.4 million.
“The demand for cybersecurity specialists is insane. [The country] cannot produce enough to meet the demand,” said Giovanni Vigna, the chief technology officer of Lastline, a company that provides network and email security products to detect and fight cyberattacks.
Lastline, which will be exhibiting at Black Hat, has nearly doubled its head count to about 140 over the past year amid growing demand for its products.
Vigna, who also serves as the director of the Center for Cybersecurity at the University of California, said he recruits from the university as well as at hacking competitions.
Olyaei said companies too often search for cybersecurity professionals with a certain skill set, such as knowledge of specific malware tools that may become obsolete in a few years.
They should widen their search to include people not just with strong technical skill sets but also with business backgrounds so they can understand the security needs of an organization, he said.
Vigna said other companies have been looking at machine learning and artificial intelligence to combat cyberattacks while simultaneously reducing their demand for security personnel. However, the technology hasn’t matured to that level.
“People are starting to understand that it’s not a silver bullet,” Vigna said.
Facebook, footwear maker Under Armour, bakery chain Panera Bread and marketing firm Exactis are among the U.S. companies that have announced major data breaches in the last few months. Breaches can cost large companies tens of millions of dollars in lost business and lawsuits.
That has driven companies and organizations across the board to spend more on cybersecurity and enhance employee training. Zion Market Research earlier this year forecast cybersecurity firms will generate annual revenue of $187 billion in 2021, nearly double the amount for 2015.
Companies have historically spent the overwhelming majority of their cybersecurity investment on protection tools, such as firewalls and anti-virus software.
However, over the past few years they have shifted more toward breach detection and response as they come to realize the odds of stopping every attack are slim, Olyaei said.
“You will be breached. There is no such thing as perfect protection,” he said, describing a breach as being as inevitable as death.
His blunt comment was supported in a survey published in July by Osterman Research that showed U.S. companies and organizations face a “major” attack on average every 6.7 months.
Phishing — the act of soliciting personal information often through emails purporting to be from a trustworthy sender — continues to be the most common type of attack against organizations followed by spyware and ransomware infections, according to Osterman.