$400 billion – that’s the estimated cost that industry incurs annually due to cybercrime. Governments and enterprises are heavily affected and have been strategizing to secure their information. Though actual actions still lag. While 73% of organizations have a mobile security strategy in place, only 3% have the highest levels of security possible, according to a survey we released at our Security Summit last month. Less than half of companies use containerization technology to secure BYOD phones.
At BlackBerry, we’ve always been at the forefront of securing information that’s valuable to our users, as evidenced by the companies that we’ve acquired over the last few years. Just to name a few: BlackBerry Workspaces, which allows you to securely share information to the cloud; Good Technology, furthering our ability to offer cross-platform mobility management solutions; Secusmart, making BlackBerry a leader in not just data but also voice encryption. And most recently, we made a move to sew all of these pieces together with the acquisition of Encription in February 2016.
Encription is a UK-based cybersecurity consulting company that is a recognized and respected global leader in cybersecurity consulting and has worked with some of the top governments and corporations in the world. Adam Boulton, BlackBerry’s Senior Vice President of Security Technology (above), led the acquisition process with a vision of bringing BlackBerry’s industry leading security engineering practices to a larger audience. Adam’s experience in the security industry is vast with over a decade spent working in security engineering—from taking a wide variety of technical roles, to reverse engineering, to penetration testing and secure software development, to now leading BlackBerry’s Security Technology organization. Adam spent half of his career as a security consultant, delivering a wide range of security assessments for FTSE 100 clients. We recently got the chance to sit down with Adam and learn a bit more about him, BlackBerry’s new Professional Cybersecurity Services business, and the future of the security industry.
Syed: I understand you’ve been with BlackBerry for a long time and have a wealth of experience in cybersecurity and consulting. Can you tell us a bit about yourself and your team?
Adam: For me it was a hugely exciting prospect to join BlackBerry, a company that focuses and invests so heavily in security engineering. After I joined in 2009, that focus and investment only continued to increase, to the point where BlackBerry became and still remains synonymous with mobile security.
I get to work with such an incredible team of qualified security professionals that are hugely passionate about their role and the industry as a whole. I admire their drive to be the first to industry and always pushing the bar on creating the most secure products possible. For example, the recent patching of the QuadRooter vulnerabilities was an incredible achievement and a great example of BlackBerry’s leadership in the industry.
For myself, I’m a huge geek at heart. I still spend time developing software, reverse engineering and delivering security assessments, it is something I thoroughly enjoy on a personal level. I’m a huge Java fan and a big believer in distributed computing and cross-platform solutions.
Syed: How is the acquisition of Encription important to the future of BlackBerry?
Adam: When considering any large strategic move, it is a long process that takes several months, even years. We spent countless hours conducting market research and trying to get a sense of where we should start, the type of business we needed, and deciding where we would like to build the business. We looked at what best in class security looks like and knew we had a strong security portfolio: Secusmart, Movirtu, WatchDox, AtHoc, Good, etc. As great as these all are, how could we sew all of these wonderful aspects together? Encription was something that made us more complete. Now, for the first time ever, customers can get BlackBerry’s world-leading security experts in their environment to assess their cybersecurity program and help them improve it. We often talk about end-to-end security, but that only looks at products and services at a single point in time. Security is a journey not a destination, and Cybersecurity Consulting lets customers evolve their environments to combat new threats as they emerge.
Syed: What areas will be covered in the new consultancy practice?
Adam: BlackBerry Professional Cybersecurity Services delivers on holistic cybersecurity assessments. We’re focused on services that are from the BlackBerry heritage, secure and dependable systems. We are able to deliver tailored engagements, helping clients mature their cybersecurity practices, whether it be on penetration testing, compliance or security education.
Something we’re particularly proud of is the fact we can relate to our clients, unlike a traditional consultancy that doesn’t build products, we understand the challenges and complexities to build products securely and get them out to market on time. We make sure our clients get the best possible return on investment because we also practice what we preach!
Syed: What would you say are the most effective ways to battle the cybersecurity issues plaguing the industry? And are the current security practices sufficient?
Adam: Education is the number one way to overcome cybersecurity issues; educate employees and consumers about risks and help them understand how to look out for threats. Corporations use many different techniques to educate their employees – for example, some send out fake phishing attacks to their employees to see how they react. But not enough effective preventative measures are being taken and the current level of security is not sufficient. Even with the best technology, all it takes is a single employee or a consumer to making a bad decision.
We also need to keep in mind that the largest – and often most important – clients are in safety critical systems which can directly impact the environment or even human life. With the rapid rise of Internet of Things (IoT) within healthcare, automotive and aviation, security and safety are paramount. We don’t view safety and security as orthogonal (independent) concerns; security can truly be a matter of life or death and requires the best engineers, practices and standards to make sure that products protect these critical systems.
Syed: What does the future hold for BlackBerry’s Professional Cybersecurity Services?
Adam: A lot of the future of security is focused around the Internet of Things (IoT), and rightfully so. The increase of cyber-physical systems introduces a whole range of new threats and the rate of growth in this industry is truly incredible.
Just last month at the BlackBerry Security Summit, we did a live hacking demonstration where two of our top researchers used a Wi-Fi connected tea kettle to compromise an entire secure enterprise Wi-Fi network in under 15 minutes. Hackers can compromise even the smallest, most unsuspecting items that we interact with in our daily lives, which can directly affect the security of any and all of the infrastructure that they connect to. Whether it’s connected appliances, vehicles, power grids or even airplanes, the Internet of Things is coming and we at BlackBerry are ensuring that security engineering continues to be deeply embedded.
Syed: Where can people learn more about BlackBerry’s new Cybersecurity Consulting services?
Adam: To learn more about our Cybersecurity Consulting business, visit our website at http://www.encription.co.uk/ and http://ca.blackberry.com/enterprise/cybersecurity-services.html. You can also contact us directly at firstname.lastname@example.org to discuss the best ways that we can help your business.