September 24, 2018

Last Updated on January 18, 2024

DEF CON 26, one of the world’s largest public gatherings of information security professionals and hobbyists, happened in Las Vegas on August 9-12. This event attracted over 20,000 attendees from around the globe for a weekend of panels, activities, labs, and even parties featuring “tech-centric” music. 
DEF CON is not the only event of its kind. InfoSec and “hacker” conventions and events occur year-round in just about any country that has high-speed internet. Many of these events provide opportunities for professionals and not-so-professionals to meet and share knowledge, tools, and even vulnerabilities and exploits. 
Such gatherings tend to attract a lot of attention from the media. The idea of so many “hackers” in one place for a weekend of research and demonstrations leaves a lot of room for questions. One of those questions is “Why should I care what the information security community is up to?” 
Information security, especially the “hacking” aspects of it, can often seem like “space magic” to someone who doesn’t personally have these skill sets but may have heard about sensational data breaches in the media and most likely has seen all kinds of improbable hacking scenarios in movies and on TV. A lot of what happens at DEF CON and other similar conventions can be difficult to understand. However, when these events occur, useful and at times even critical information for your company pours out into the world.
It’s important to stay in touch with current events because they relate to changes that could impact your business. This definitely applies to information security. One of the best ways to ensure you are prepared for any threat is to know what kinds of threats are emerging and may be coming your way. Researchers often use DEF CON and similar events as a time to “unleash the Kraken” by announcing recent discoveries, vulnerabilities, and the exploitation of these issues. It’s also a time when criminals and malicious characters may be keeping watchful eyes and ears out, hoping to learn of a critical vulnerability that could make or break their entry into your business’s critical infrastructure.

Key Takeaways from DEF CON 26

While DEF CON may be over, the discoveries and releases of the convention continue to be documented and announced. But if you’re not watching for them, they may be easy to miss. Here are some of the key news flashes from DEF CON 26: 

  • Tesla plans to open-source its vehicle security software to help other automakers secure their connected and self-driving vehicles. 
  • DEF CON 26 raised hackles by featuring several voting machine hacking events, including a panel discussion about the election hacking issue. 
  • Highlighting security issues with medical device protocols, a DEF CON presenter described his research into massive vulnerabilities in a protocol that is commonly used to monitor and communicate patients’ condition and vital signs. 
  • Rob Joyce, senior advisor for cybersecurity strategy at the NSA and a frequent DEF CON attendee, spoke at the event this year on the “who, how and why” of nation-state hacking and the importance of “the basics” in defending your organization. 

If you’re concerned about information security, staying connected to breaking news can help you discover insights that could impact your business and reduce risk. 
To talk with an expert about the emerging risks that your organization is facing today, and how to be ready for an uncertain future, contact Pivot Point Security.
