NEW YORK. It's a disturbing prospect: hackers and cybercriminals could be inside your company's network right now undetected, and if you're lucky, you may actually find and stop them. At its Security Summit in Manhattan Tuesday, that's one of the statistics BlackBerry disclosed from its market research: in cybersecurity breaches, hackers were inside companies' systems for a median of 200 days before anyone found out.
"For those of you who think this doesn't apply to you, we found something else interesting: 80% of European companies actually have suffered a [cyber] attack in the last 12 months," said John Chen, BlackBerry's executive chairman and CEO. The point is that many companies are likely already in trouble in terms of IT security and potential breaches.
Information from BlackBerry and others helped illustrate the (poor) global state of corporate IT security, including the growing number of apps employees are using:
• There were 38% more security incidents detected in 2015 than in 2014. (PricewaterhouseCoopers)
• Only 38% of companies are prepared to handle a cyberattack. (ISACA)
• 48% of business executives are "highly confident" of their organization's ability to provide mobile security practices. (Global BlackBerry Survey)
• 6.4 billion connected things will be in use in 2016 — up a sizable 30% from 2015. (Gartner, Inc.)
• There are now more connected devices on Earth than living people. (NowSecure)
• 75% of apps fail to properly encrypt data. (Hewlett-Packard)
• Nearly 25% of mobile apps include at least one high-risk security flaw. (NowSecure)
• 75% of all mobile security breaches will be through apps. (Gartner, Inc.)
• 55% of financial companies believe "bring your own device" (BYOD) policies create risk; 47% of business executives say BYOD policies lead to "major" risks. (Global BlackBerry Survey)
• Nearly 50% of companies do not have a security incident response team. (Global BlackBerry Survey)
• Nearly 60% of business executives want the security expertise of an external professional. (Global BlackBerry Survey)
BlackBerry has been undergoing a major transformation, basically shifting away from its handsets that dominated in the pre-Android and pre-iPhone days and now focusing on building on its security-enabling software suite — particularly via a number of recent acquisitions — to handle the range of emerging business connectivity needs. Chen noted that handsets account for about 30% of the company's revenue.
Why is BlackBerry continuing toward this focus on security software? "Simply put, the market needs it," Chen said. "We believe we're the best to secure the connected world; we believe we have the deepest technology 'stack' in the area of enterprise security and mobility."
BlackBerry's stated goal is "to be the world's leading provider of end-to-end mobile solutions that are the most secure and trusted." In that vein, Chen said the company has "thought through how everything is connected, and we believe that we have most everything that's needed" to secure messaging and all manner of business connectivity, which has extended recently to commercial trailer tracking and security.
"One of our most recent releases is called Radar for the IoT [Internet of Things] — this is asset-tracking technology. I think that's going to be interesting," Chen said. Later in a Q&A session with reporters, he noted that the Radar product is being rolled out now following testing. BlackBerry is also getting into cybersecurity testing services, including so-called "white hat" systems hacking.
BlackBerry's intention is "not only to help you mobilize your enterprise — not only help you secure your enterprise — but really do all the testing and making sure that your infrastructure is built correctly. We believe that's going to be a big help," Chen said. Global cybersecurity-related business losses are now estimated at $400 billion each year, he noted.
"Cybersecurity is the top of the risk-management list," he told the audience, adding that among all U.S. companies, 54% don't offer any cybersecurity training for new hires. "This is surprising, since you've seen that a lot of hacks are initiated from inside the company," Chen contended. "It's an area that needs to be fixed."