2024 cybersecurity entrepreneur challenge
Problem Statements
You are welcome to pitch any solution within cybersecurity during this pitch competition. If you need inspiration for a problem to solve, feel free to select a problem statement from the list below.
The impact of IoT vulnerabilities
Problem Statement: Develop a small-footprint vulnerability scanner / threat identification tool that lets small businesses and home users easily scan their networks to determine what impact IT devices would have on their network if exploited.
Background:
There are over 5 billion Internet-visible devices online, and the total number continues to grow at a rapid pace. According to industry reports, most devices exposed on the Internet contain one or more identifiable vulnerabilities.
A large number of those vulnerabilities (some claims say > 50%) go unfixed for years, and those that are fixed take months to fix. Presently, fixing these vulnerabilities is highly cost-prohibitive, which is also why most devices online are never even professionally tested for vulnerabilities in the first place. This is a big reason why it remains possible, even fast and easy, for an adversary to exploit basically any organization.
Key Stakeholders:
Edward Vasko, Institute for Pervasive Cybersecurity
Diminishing Returns of Patch Management
Problem Statement: Leveraging multiple sources of data (e.g., vulnerability data, threat intelligence, and vendor patch details), discover the needed patches that could be leveraged against the target system(s) and propose a time-effective remediation solution.
Background:
Offensive telemetry of any and all targets on the Internet will continue to increase, and the time between patch availability and exploit development will continue to decrease. Within the next couple of years, we should expect that if an organization can’t patch in minutes, it will lose the race, as patch management will not be able to keep up.
Adversaries will gradually have highly accurate all-the-time telemetry on their target(s) and simply wait for a patch to drop in the software stack of their target.
Key Stakeholders:
Edward Vasko, Institute for Pervasive Cybersecurity
Practical Risk Analysis for SMBs
Problem Statement: Create a small-footprint risk analysis tool that calculates, in dollars, the risk incurred by the business from a specific vulnerability within the business’ network.
Background:
Even the most security-conscious environments must make trade-offs between risk and operations/revenue generation. The challenge lies in truly quantifying (to a reasonable degree) the risk of a particular environmental issue to a specific business, particularly an SMB. Even when vulnerabilities are known and patches exist, the totality of the actual risk to the business is often difficult to calculate and/or articulate.
Key Stakeholders:
Edward Vasko, Institute for Pervasive Cybersecurity
Determining Attack Surfaces for SMBs
Problem Statement: Create a small-footprint tool which allows an SMB to identify and map its attack surface.
Background:
At its simplest, one’s “attack surface” is the set of points in a given environment where an attacker can try to enter, cause an effect, or extract data. This includes (but is not limited to) internet points of presence as well as software/hardware interaction points.
Most companies’ attack surfaces are dynamic, changing as companies develop new offerings and enter new markets. Given that you cannot actively protect what you cannot define, not understanding one’s attack surface creates a heightened level of risk to the organization.
Key Stakeholders:
Edward Vasko, Institute for Pervasive Cybersecurity
Spear Phishing Analysis for SMBs
Problem Statement: Create a small-footprint tool which allows a non-technical user to test if an email is a phishing email.
Background:
For the past 2 years, ransomware has been listed as the top security problem faced by networks. What is often overlooked is that most ransomware attacks start as a spear phishing email targeting individuals within the victim organizations.
As spear phishing emails become more sophisticated, more adversary emails are slipping by phishing filters. With the advent of generative AI, the velocity of such attacks will only increase. Many smaller organizations lack the knowledge and/or tools to validate emails if they pass initial filter checks.
Key Stakeholders:
Edward Vasko, Institute for Pervasive Cybersecurity
Supply Chain Validation
Problem Statement: Leveraging a digital ledger - or other non-repudiation methods - develop a tool that would allow for a software supply chain to be validated by its members.
Background:
Since the December 2020 SolarWinds hack, supply chain attacks have risen in prominence and are likely to continue to be a major threat for years to come. Adversaries compromised SolarWinds’ development environment and inserted malicious code into its code, which was then delivered to over 18,000 SolarWinds clients. The discovery of this malware kicked off an extended investigation that uncovered not only the details of the SolarWinds hack but also multiple malware variants and an attack campaign that impacted public and private sector organizations.
This hack, along with other high-profile supply chain attacks, has demonstrated the need for better understanding the software bill of materials (SBoM) of supply chain vendors. Going into 2022, cyber threat actors are likely to expand their use of supply chain attacks to amplify the reach and impact of their attacks.
Key Stakeholders:
Edward Vasko, Institute for Pervasive Cybersecurity