BlackBerry Out of Phone Business, but Its Security Acumen Valued

While BlackBerry may be out of the smartphone handset business, the company also knows how to do security software, and not only for connected devices.


iPhones and Samsung and other Androids may have knocked BlackBerry out of the high-visibility smartphone market in 2016, but there’s one major aspect of the Canadian company’s business no one will dispute: BlackBerry knows how to do encryption security in its software.

In fact, its excellent email and web encryption is one of the reasons that many people hang on to their BlackBerrys as long as they can (one well-known example is former President Barack Obama), even though the company stopped delivering security updates last December.

BlackBerry still knows how to do security software, and not only for connected handsets. For one example, BlackBerry Jarvis, which the company says is a "cloud-based, static binary code scanning" application, can be used by automakers to quickly and deeply scan and evaluate the voluminous and critical software code used in autonomous vehicles, cutting such scanning from 30 days down to about seven minutes.

BlackBerry Knows Security

In fact, BlackBerry is doing an exemplary business simply on licensing its software, and it always has.

As BlackBerry’s Chief Security Officer, Alex Manea is on the front lines of security issues and trends. He regularly speaks with Fortune 500 C-Suites and leaders representing the world’s top global brands, listening and learning about what security concerns keep them up at night.

“I also try to spend just as much time speaking with security researchers – ethical hackers devoted to discovering security flaws and vulnerabilities,” Manea wrote in a media advisory to eWEEK.

Based on numerous conversations during the past 12 months with customers, partners, government officials, BlackBerry’s internal cybersecurity experts and leaders from both the security and research communities, Manea offered eWEEK a look at his predictions for the rest of this calendar year.

Data point No. 1:  2018 will be the worst year to date for cyberattacks: “With 2017 being the worst year ever for cyberattacks, it’s tempting to think that we’ve hit rock bottom, but what we’ve seen so far is just the tip of the iceberg.

“The fundamental issues that have caused the majority of recent cyberbreaches have not been resolved. IT departments are being tasked to manage increasingly complex networks, support new types of endpoints, and protect more and more sensitive data. Legacy systems are still rampant throughout most industries and cannot be easily upgraded or replaced. These systems often contain publicly known software vulnerabilities which can be exploited to penetrate the corporate network.

“At the same time, attackers are getting increasingly sophisticated and have more incentives than ever to mount cyberattacks. From building ransomware or mounting DDoS attacks and demanding bitcoin payments, to working with organized crime and even national governments, malicious hackers have numerous ways to monetize their skills and to protect themselves.

“Governments and enterprises are recognizing these new threats and deploying modern security solutions, but it will take years to decommission all of the legacy systems. 2018 will be yet another year where the shortcuts of the past come back to haunt us. More importantly, we need to start planning for the future by addressing the new threats posed by the Internet of Things (IoT), which go well beyond anything that we see in today’s cyberattacks.”

Data point No. 2:  Cyberattacks will cause physical harm: “Securing the internet of things is even more important than securing traditional IT networks for one simple reason: IoT attacks threaten public safety. A hacked computer or mobile device typically cannot cause direct physical harm. While it’s certainly frustrating to have our personal information stolen, it doesn’t compare to the impact of being involved in a car accident or having your infusion pump or pacemaker compromised. IoT security will literally become a matter of life and death, and we cannot simply wait for that to happen.

“I’ve spoken recently about the need for stronger IoT security standards, especially as we continue to move towards smart cites. With the growing ubiquity of IoT and lack of focus on security, it’s only a matter of time until malicious hackers breach critical connected infrastructure and devices and cause direct physical harm to individuals and innocent bystanders.”

Data point No. 3:  Hackers will target employees as they become a growing cybersecurity vulnerability. “IT departments typically focus their spending on preventing external attacks, but the reality is that most data breaches start internally – either by sharing documents through unsecure, consumer applications or clicking on increasingly sophisticated phishing attacks.

“While hackers are often depicted as technical geniuses using complex algorithms to break advanced cryptography, the reality is that simpler techniques can be just as effective. Criminal hackers aren’t seeking style points; they’re simply looking to breach the system as efficiently as possible. As our technical defenses continue to improve, employees will become the weakest link, increasingly targeted by attackers as part of their overall strategy.

“My simple advice to all CIOs and CISOs: Go hack yourself. You can spend all of your time building and buying systems that you believe will stop intruders in their tracks, but until you bring professional ethical hackers and let them simulate a real-world cyberattack (including phishing and other social engineering techniques), you won’t ever know if you’re truly secure. Our cybersecurity services team recently gained access to a customer’s network by simply getting T-shirts made with their company logo on it and stating that they were “with IT.” If your employees don’t know how to use the technology you put in place, or realize that they all play a critical role in keeping your company secure, everything a CIO/CISO does is for not.”

Data point No. 4:  Insurance and cybersecurity products will go hand and hand. “In 2018, it won’t matter which system or employee proves to be the weakest link, major corporate data breaches will happen and insurance companies are taking notice. They are taking notice because attacks to their clients could be as harmful as it could be helpful to their bottom line.

“This year I predict we will see firms not only add more cyber policy holders to their roster but also seek out two strategic avenues to help manage risk for them and their customers: products and experts.

“Just like Progressive’s Snapshot plug-in device which helps the insurer provide personalized rates based on your actual driving, insurance companies will start selling products to help track their client’s security posture. They will even partner with security experts to appropriately evaluate a company’s ability to protect against a cyberattack. Scorecards will be given and companies that perform the best will be rewarded with a lower policy amount.”

Data Point No. 5: Next steps. “While many other things will impact the cybersecurity industry this year, I believe these are some of the biggest trends for 2018.”

Manea said that he’ll be diving deeper into these topics over the next few weeks and months, so he invited eWEEK readers to check the Inside BlackBerry blog for updates.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...