“The largest cyber security strategy being deployed in the cyber security market is hope, ‘hope that it doesn’t happen to me’,” said Charles Eagan, CTO, BlackBerry.
Over the last few years there has been an explosion of connected endpoints and of technologies. Things are moving too quickly, and this pace has created a lack of standards. Indeed, almost daily, the news is full of ransomware, data theft and cyber attack headlines.
“We’re running a bit loose with all the connected data being generated,” continued Eagan.
But organisations can improve their security posture with an overall strategy that includes technology, education/training and best practice.
“There’s a lot of best practices that organisations can put in place to protect themselves and take care of consumers’ personal information,” he added.
Continuous authentication
More development is needed on what Eagan referred to as “continuous authentication or continuous security”.
The password is flawed. Once a malicious actor has it, they have access to all your information.
Instead, BlackBerry is looking at a way to build a behavioural model that determines whether or not the user is you, even if the correct password has been used.
“If the user is exhibiting unusual behaviour (time of use, file access etcetera), the program will be able to ask for multi-factor authentication and/or lock the user out,” explained Eagan. “This type of continuous security is really important — we need to leapfrog prevention security that is needed to provide the protection and be proactive.”
“We need to step up our game to be properly prepared for the future”
How does this continuous authentication work in practice? The more data an organisation has on its employees (location, time, patterns), the more effective the model will be at authenticating people. Done effectively, this will lead to more security and fewer passwords.
Passwords are very ineffective as the one and only layer of security. Instead, organisations need a dynamic security model. And, in the interim, “multi-factor authentication is essential,” added Eagan.
Awareness and education
For all technology’s potential, improving education and awareness is the biggest source of protection for any organisation.
In BlackBerry’s case, similar to other large organisations, it will test employees with phishing emails based on known compromises in the industry. It will then publish a breakdown analysis of the results to share, educate and future-proof staff awareness. “Although, this is a continuous exercise,” Eagan said.
Cyber security advice
Eagan provided his best advice for succeeding in the cyber security market:
• Think about the security of the solution that you’re using.
• Think about the data that you’re sharing.
• The consumer should insist on cyber security, even on the installation of a connected doorbell.
• Ask questions: how is this data secure?
“Asking more about the security posture of the technologies that people are using will go a long way,” he concluded.