I’m at the BlackBerry Security Summit this week, listening to the unusual keynote by BlackBerry Executive Chairman and CEO John Chen, who, like me, is an extemporaneous speaker. That tends to be a bit more fun than the more common scripted talk, but it can roll off the rails at times and you have to feel for the PR folks who are likely sweating bullets as a result.
Here are some key takeaways from the Summit.
BlackBerry is now seeing positive operating revenue and is showing 131 percent revenue growth in software and services. The legacy revenue from handsets is still larger, but it is in decline. However, the positive operating revenue indicates that BlackBerry has nearly reached equilibrium and the risk of failure has become remote.
Security and privacy are at the heart of the new BlackBerry. Cyber attacks are currently costing enterprises $400 billion a year. A report from KPMG indicated that nearly 90 percent of CEOs don’t feel prepared in regard to security. Over half of the HR departments have warned that employees are not properly trained to resist a cyber attack, making them the biggest source of breaches. Only 41 percent of firms are insured for security breaches, meaning most firms are self-insuring but likely not properly stating the related cost/risk on financials. Seventy-seven percent of IT organizations have reported that they are deploying projects they believe are not secure. Eighty percent of firms in Europe have reported breaches.
Chen is, of course, positioning BlackBerry as the solution. (I’d add to that being properly insured and making sure your employees are being regularly trained.) Security is its thing and it remains the only company at scale that lies above the major mobile platforms and secures both data and voice transmissions.
Samsung, Microsoft and BlackBerry
The two big backers of the BlackBerry Security Summit are Samsung and Microsoft. This is interesting because, at one time, these two firms were likely BlackBerry’s biggest and most powerful competitors. This shows how much the industry has changed in the last decade and how fluid some of these competitive structures continue to be.
New York and Rudy Giuliani
Chen talked about why BlackBerry is doing the summit in New York. One reason is because when 9/11 happened, the only major communication service that remained running and able to coordinate efforts was BlackBerry’s.
Rudy Giuliani was the guest speaker and he apparently is a BlackBerry fan. He spoke to the critical need for security. His consulting firm focuses on security for the likes of nuclear power plants, hospitals and major corporations, and he has been working with Chen and BlackBerry for some time.
Giuliani closed his talk by stating his personal mission to help secure the nation against threats foreign and domestic, and asserted that we are nowhere near secure enough. Afterward, he got a question about how to ensure the nation’s cyber security, at least in regard to a national event. He pushed forward the idea of mutual assured destruction and the fact that it won’t work now because the attacks are likely to come from largely independent government-funded entities that don’t seem to be concerned with reprisals.
IoT Security Demonstration (We’re Screwed)
OK, this was scary. Presenters took over a connected coffee maker on an enterprise-class secure network. They did this by bringing up a rogue access point and sending a Wi-Fi disconnect command repeatedly to the coffee pot. Once it was disconnected, they reconnected to the more powerful rogue hot spot where they were able to get the network password and ID from the coffee pot. In about 14 minutes, they were in the secure network and pulling data. And afterward, all they had to do was power cycle the coffee pot to destroy any record of how they got in.
They then showcased how a BlackBerry solution, assuming it was used properly, would prevent this breach. (I’m thinking it would also prevent folks from getting connected coffee pots.) But this once again reinforces the idea that networks simply aren’t secure, particularly now that IoT devices are on them. By the way, this also suggests that IoT devices should likely have their own network, separate and secure from the corporate data network.
The IoT demonstration really bothered me the most, largely because it would likely work with many traditionally connected devices, like printers, and not just new IoT devices. I remember a security audit from a few years ago where the hard drives on printers weren’t encrypted. Those drives were commonly discarded without destroying them and it represented a massive potential security breach. While I know we focus a lot on how our firms are vulnerable to phishing attacks against employees, we don’t think enough about how vulnerable companies are because of the massive number of connected devices they plug into their networks.
Knowing that mutual assured destruction doesn’t work with cyber attacks, think about the number of nuclear power plants that use connected printers and you have a powerful reason to sign up for that Mars Mission.
Whether you use BlackBerry or not, making sure you aren’t compromised by a connected device should now be a priority.
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+.