The digital world faces a crisis of confidence when it comes to cyber security. High-profile breaches are reported in the news almost every week and it seems no industry sector or territory is immune from the threat.
The danger is about to increase unless technology brands mobilise more effectively to do something about it
But with the spread of digital technology and its greater uptake by people and businesses, the danger is about to increase unless technology brands mobilise more effectively to do something about it.
With the arrival of a hyper-connected world and the internet of things (IoT), the number of devices connected to the internet, from thermostats to automobiles, is set to soar in the next decade. As well as enhancing lives and freeing up time it will open innumerate new aspects of people’s daily lives to influence from “dark forces”.
Yet rather than step up efforts to repel hackers and virus writers, there has been a step change in corporate approaches to the threat. Corporations are starting to accept they might be attacked and are putting greater weight on what to do when systems are compromised than on preventing attacks in the first place.
“People just don’t have confidence in a hyper-connected world yet,” explains David Kleidermacher, chief security officer of BlackBerry, a company at the very forefront of mobile enterprise security innovation. He argues that companies should redouble efforts to keep the hackers out or else a bad situation will get steadily worse.
“With the IoT there will soon be tens of billions of connected devices all over the world, both personal and corporate, that must be protected and secured. Eventually the figure is predicted to reach trillions. This is not an environment in which people should be wondering whether the internet is safe.”
In other words we need to stay the course on prevention. Although working on contingency planning is vitally important, prevention is a more desirable outcome and one that will instill confidence in digital technologies in the future, helping to realise their full potential.
This is a challenge BlackBerry is investing time, energy and resources in. While some technology companies focus on creating apps and widgets, BlackBerry is focused on privacy and security. It’s a culture that has developed over many years from the ground up and is unmatched in product life cycles.
“Ask anyone at BlackBerry what is their chief concern, and they will say it’s privacy and security. It’s in the company’s DNA, so we see it as our responsibility to show other companies the way forward in this area,” says Mr Kleidermacher.
A major reason digital channels are so fragile is the enormous ecosystem of devices and services on offer. In order to create an effective security strategy, organisations must identify a baffling and ever-changing array of devices, and work out how they all interrelate.
This complexity breeds weaknesses, with hundreds of vendors launching new and more powerful services into communication networks every year. For BlackBerry, therefore, the goal is to create end-to-end solutions that ensure productivity is matched with privacy and security across all devices.
“We want customers to be more productive and more secure regardless of what they are working on, be it an iPhone, BlackBerry, Android tablet or some other device,” says Mr Kleidermacher. “This includes IT administrators who want back-end services that work across the board and grow with flawless updates.
“Our enterprise mobility management platform supports a broad range of devices and operating systems, allowing businesses of all sizes to free up their workforce and take advantage of all the good stuff mobility brings without exposing sensitive corporate data.”
Moving beyond enterprise-level systems, the burgeoning IoT requires a fresh approach to security that protects consumers too. In the future connected devices will range from cars to medical devices, meaning a breach could have devastating consequences.
Anticipating this very real threat, BlackBerry has created a complete division of specialists working on IoT-specific solutions. They build security that is simple to use as well as effective, allowing people outside the IT field to protect themselves easily.
“It’s no good making 16-digit passwords because people just won’t use them; the solutions have to be easy to implement,” says Mr Kleidermacher. “When people think about security, they often think about end-points, where data originates and where it is accessed, but it’s possible to secure data wherever it goes.”
He describes a hypothetical example of a patient sending a picture of an X-ray to a doctor for assessment. Once it is sent the patient has lost control of the data and it could end up in places he or she doesn’t want it to go, say an employer or an insurance company.
“Files can be encrypted, but that doesn’t go far enough,” he adds. “Now, when I share a file, I can attach permissions to caveat its use by giving the receiver only a limited time to view the file or preventing them from forwarding or modifying the message.
“In this growing sprawl of data and devices it’s vital that end-users are able to take control by tying security to the data itself and not just the devices that access it. You can’t know where your data is going otherwise.”
BlackBerry has taken numerous further steps to alleviate the crisis of confidence in technology. It has sought out inter-governmental security certifications as well as national standards and where industry standards do not exist it has looked for independent partners to help create them.
It has recently been working on a security standard for medical devices in conjunction with the US Food and Drug Administration, because one didn’t exist, and an insulin pump connected to the internet, for example, must come with certain guarantees.
In addition to creating new independent cyber security assurance standards, BlackBerry is leveraging its own team of expert hackers, augmented by the recent acquisition of UK consultancy Encription Limited, to help BlackBerry’s customers improve their security development life cycles, and assess their systems and applications for vulnerabilities.
Why? As Mr Kleidermacher concludes: “You can’t raise the cyber security bar until you first know how to measure its height.”
