Mobile devices are more intelligent than ever and are increasingly presenting a major cybersecurity challenge. Mobile devices don’t just hold huge amounts of data about us as individuals; with the rise of multi-factor authentication apps, they often act as access points to critical corporate networks, accounts, and systems.
BlackBerry, the former smartphone pioneer, has reinvented itself as a security provider focused on combating security flaws in mobile devices and endpoints, developing market-leading unified endpoint security and management solutions that protect against threats and provide admins with greater visibility over device health and security.
Nigel Thompson, VP of Product Marketing at BlackBerry, has been at the forefront of securing mobile devices throughout his career since founding one of the first mobile device management (MDM) solutions, CloudSync, in 2004. We spoke to Thompson about the mobile threat landscape, challenges in securing corporate systems, and how organizations can keep their users and customers protected against sophisticated mobile threats.
The Growth Of Mobile Threats
Thompson founded CloudSync to help organizations deal with the challenges of securing mobile endpoints. It was one of the first SaaS-based mobile device management (MDM) providers, featuring management and visibility capabilities.
CloudSync was acquired in 2010 by Good Technology, a San Francisco-based security company that provided mobile device security and mobile application security. Good Technology were focused on the issue of “unmanaged endpoints”: personal iPhones and Android devices that weren’t owned by the company, but still needed to be secured.
In September 2015, BlackBerry, who had previously been one of Good Technology’s major competitors in the mobile security space, acquired the service, integrating their technologies and solutions into a unified, holistic mobile security solution, and bringing Thompson into the BlackBerry team. In 2018, BlackBerry also acquired Cylance, combining their unified endpoint management solutions with powerful endpoint security.
The acquisition signaled a move from BlackBerry’s traditional customer base—the regulated, high-compliance market—to providing solutions for organizations of all sizes.
“We now have law firms coming to us saying, ‘We’ve only got 12 customers, but those 12 customers represent $40 million dollars in assets and revenue.’ So, the notion that only big companies should have big security solutions is getting blown out of the water,” Thompson says.
The Threat Landscape Today
What is interesting about the evolution in the threat landscape between 2004 and now, Thompson says, is that the use case for these solutions has remained consistent.
“It’s the idea of people outside your network using endpoints that you may or may not own. You can’t just focus on devices that you as a company own, because you’re only solving half the problem and, with remote users, that’s really key,” he says.
There are two main ways in which BlackBerry helps to solve this problem. First, their platform enables security teams to identify an attack, find the compromised endpoint, and alert IT admins if a user installs a malicious application.
Second, it can perform automatic remediation, notifying users that they need to delete malicious applications installed on machines that they want to use for work. BlackBerry apply these features to desktop endpoints as well as mobile, which became an increasingly important use case as the pandemic struck in March 2020.
“When COVID hit, one of the big stresses for certain companies was that large numbers of their users had previously been working at fixed workstations. So, they were scrambling to find laptops and ship them out to new remote workers but, in a lot of cases, they didn’t have enough. So, a lot of companies said: ‘Okay, just use your own stuff, you can use a VPN and it’s only temporary,’ and here we are 18 months later!” Thompson says.
To mitigate this, BlackBerry developed a range of solutions to enable protection for unmanaged, personal PCs. These solutions enable users to connect securely to corporate networks without a VPN, the use of which Thompson says is a “horrible idea for an unmanaged, personal device,” due to the difficulty of policing malicious software on personal devices using VPNs, and the privacy concerns raised by employers having full access to employee browsing.
BlackBerry has also developed safe browser technology to provide secure access to cloud applications, and Persona, a solution which uses behavioral analytics to address threats such as account compromise, credential theft, and insider threats across unmanaged mobile devices and corporate endpoints. “We bring in a lot of automation capabilities so we can take a load off security teams and automatically fix some of these issues,” Thompson says.
Rising Rates Of Ransomware And Phishing
BlackBerry’s most recent report into the state of the threat landscape found that cybersecurity attacks had spiked by 64% over the past year, a continuation of annual trends, but also a reflection of the new security challenges posed by the pandemic. One of the most dangerous and increasingly widespread attacks facing large organizations and enterprises alike is ransomware—but why is the risk so high?
“The thing I find most shocking,” Thompson says, “is that it’s pretty rare to find a company that doesn’t have some sort of anti-virus (AV) system. So, the question is, if you have AV, why are you getting ransomware? It’s a reasonable question to ask because, in the case of most ransomware attacks, the organization affected did have protection in place; it just didn’t protect them.”
The answer, Thompson explains, comes down to the massive growth of a cybercriminal industry built around developing ransomware-as-a-service. A whole business model has been created, he says, in which it’s simple for a cybercriminal to create a brand-new piece of malware that has never been seen before and has no signature. Traditional endpoint protection solutions use signature-based detection to protect against malware, and so don’t offer strong enough protection against new ransomware attacks.
“The number one thing that SMBs and mid-markets should do is look for ‘next gen’ endpoint protection,” Thompson says. Rooted in a prevention-first approach, BlackBerry’s Protect solution uses AI and pre-execution technologies to determine whether a file is malicious rather than relying on signature-based technologies, an approach that can provide greater protection against ransomware attacks.
The second major threat that BlackBerry has picked up over the past year has been a huge rise in phishing and SMiShing attacks, especially on mobile endpoints. These attacks can be particularly damaging, Thompson says, because they catch users in a different mindset from that of the traditional office environment.
“When you’re on a work computer, psychologically as a user, you’re a little more vigilant,” he explains. “You see more, you’re looking at your system, you’re looking for alerts. It’s like a reflex.
“But there’s always been an idea that mobile is like a sandbox, and that mobile is generally more secure. And that’s not true as much anymore. There’s also been an assumption that app stores are safe and nothing bad can get through. And that’s not true so much either. They do a good job, don’t get me wrong, but stuff is getting through.”
During the pandemic, there was a significant rise in credential theft via mobile devices, something Thompson believes is the beginning of a major new attack vector. “The bad guys are just trying to calibrate, they’re seeing what works and what doesn’t work,” he says.
Other threats have included a significant rise in insider threats, and a concerning rise in the rates of cryptomining and cryptojacking, driven by the exponential growth of cryptocurrency technologies. These threats can be extremely damaging, especially if they affect corporate servers, Thompson says.
“Stopping these threats doesn’t have to involve big, expensive technologies either,” he says. “Our gateway is a single install, it’s lightweight. But from an administration side, it’s powerful; you can do split tunnelling and stop network traffic before it gets into your environments. It also uses AI engines to look for network anomalies and secure devices.”
Improving Cybersecurity Infrastructure
With high-profile attacks such as the SolarWinds hack and the Colonial Pipeline ransomware attack dominating the headlines, the Biden administration has announced a plan to “overhaul” the federal government’s approach to cybersecurity. This has been needed, Thompson says, because there have been some “real laggards” in certain industries when it comes to improving cybersecurity.
“There was a notion that security is good enough, so the board won’t increase spending; they try and keep cybersecurity a small percentage of the overall budget. Now they’re realizing that the cost of shutting down the pipeline for days was a lot more than what a few licenses would have cost!”
“There’s a big realization that you can’t be cheap on security these days. Sometimes humans are slow to adapt, sometimes we’re fast. But as you go up into the board level, people sometimes think about issues from two, three, even five years ago, but that doesn’t reflect where we are today, with the rise of ransomware-as-a-service, nation state attackers, the size of criminal enterprise on the dark web. In many respects, the amount of money we have in the security space in R&D has almost been matched on the other side.”
“So, the game has changed. It’s serious. The threats are serious, the implications are serious. Even during COVID, we were seeing criminals actively targeting hospitals with malware because they knew admin staff were working remotely, which I thought was horrific. Even during real wars, we don’t attack hospitals.”
“But in cyber-warfare there are no rules, and we’re in a really horrible phase where nothing is untouched, nothing is off-limits, and we all have to self-protect until we can come up with a better way of doing it.”
How To Stay Better Protected Against Cyber-Threats
People aren’t complacent when it comes to dealing with cybersecurity issues, Thompson says, but more often than not, they’re not sure what they need to do to get protected. His advice for businesses that are struggling with this problem of uncertainty would be to get more data.
“I would say, get an assessment,” he says. “Bring in a cybersecurity professional, someone who does this for a living, that understands the industry and the latest trends. Do that first. We have a team of people who can help with that, they come in and help you to figure out what you need to do if you’re feeling uncertain.
“If you already know you have a problem, that you have a certain issue that you have a weakness in, they can also help you to validate and deal with that. So, that would be the first step, talk to someone, and they can come and help you out.”
Thanks to Nigel Thompson for joining us for this interview. If you’d like to learn more about BlackBerry, visit their website here: https://www.blackberry.com.