BlackBerry CSO: Security will continue to be a ‘cat-and-mouse’ game
By Edwin Yapp November 13, 2017
- Cyber-security goes beyond data theft; will impact physical security
- Education, drills and best practices in processes the best defences
SECURITY, they say, is the weakest link but as clichéd as that sounds, this adage is in fact truer in today’s world than before. And for one expert, the day that cyber-security catches up with cyber-crimes and threats isn’t going to come.
“It’s going to continue to be a cat-and-mouse game,” declares Alex Manea, chief security officer at BlackBerry Ltd, to Digital News Asia (DNA) in an interview. “Attackers are always going to find a new way to attack so there isn’t any way to solve this challenge.”
Manea was sharing his thoughts at the recently concluded annual BlackBerry Security Summit held in London in October.
Staged in New York for the past three years, the Summit came to London this year, where it featured Manea, BlackBerry CEO John Chen and other senior executives sharing their thoughts on the company’s direction, as well as security trends.
An 11-year executive with the Waterloo, Ontario-based mobile technology player, Manea says he’s seen three distinct phases of how cyber-security has evolved in the past couple of decades.
Alluding to the 1990s, Manea says that was the old era of the desktop and laptop, where the cyber-security trend of the day emphasised the guarding of physical and cyber-perimeters around the enterprise to protect assets because it was physically connected to one or more networks.
“This is when you have the classic ‘castle and moat’ type of security, where you have the firewall protecting assets and only certain ports open for communications,” he explains.
Then came the second era, which started in the mid 2000s with the bring-your-own-device (BYOD) and mobility trend.
Manea says this era broke the ‘castle and moat’ model as security professionals had to protect the mobile end points that were connected directly to the enterprise network as well as deal with the fact that data was being accessed from all over the world.
“Mobile [handset] access means it’s very easy for one to lose it. Mobile also means getting in from all over the world, so enterprises had to evolve away from ‘castle and moat’ to a more enterprise mobile management approach.”
But the third era – the age of the Internet of Things (IoT) – is what really scares this veteran security professional.
Why? Because the IoT era isn’t just about protecting data but protecting physical safety, Manea argues.
“If someone hacks my car, I’m not so worried about them stealing my data as I am about them physically taking control of the car thereby endangering my safety and that of the people around me,” he explains.
“There are already a lot of high-profile hacking of IoT – from cars, planes, to baby monitors, healthcare. In fact, every year at this Summit, we demonstrate these kinds of hacks ourselves.”
Manea believes that this fundamentally changes how security professionals and consumers should think about security because it’s no longer about data on the cloud but it’s literally about protecting human life.
“The future scares me in terms of where IoT is going because a lot of IoT manufacturers are basically taking devices that were never meant to connect to the Internet and connecting them there, and they are not thinking about security, like how to update the software on that device.
“And to me this is the challenge,” he sombrely adds.
Asked how much the industry addresses such issues, given that the progress of technology isn’t going to stop just because security risks exist, Manea acknowledges that these challenges aren’t necessarily binary in nature.
“It’s not about whether it’s happening or not, but how often it’s happening and how many people it’s happening to.”
Pressed further as to what can be done, Manea said that while it’s naturally a cat-and-mouse game, he believes people, especially the younger generation, are going to get smarter.
“There are a lot of people who think that the younger generation isn’t aware of such things but I believe the younger generation is more aware of this thing, and when they get older, they are naturally going to be more resistant.
“For example, social engineering is not new but attacks have just evolved so it’s not a matter of solving it but a matter of educating enough people to be aware of it and be better at mitigating it, so that the attackers no longer find it worthwhile to attack,” he argues.
Rory Macleod, global head of professional service for BlackBerry, added that the industry can and should continuously educate professionals and consumers alike on these growing threats in security.
Macleod said the onus is on the industry to run drills with employees, set best practices for handling information, teach employees about the latest threats and correct processes for mitigating risks, like you would in a fire drill.
“Training, diligence and education will hopefully help get the better of things,” he says.
Edwin Yapp reports from the BlackBerry Security Summit in London at the invitation of BlackBerry Ltd. All editorials are independent. He is contributing editor to Digital News Asia and an executive consultant at Tech Research Asia, an advisory firm that translates technology into business outcomes for executives in Asia Pacific.