- Over the weekend, Blackphone was rooted by hackers at the Las Vegas BlackHat conference.
- With 99% of malware targeting the Android platform, Blackphone's concept of security is built on top of quicksand.
- BlackBerry's dominance in regulated industries is further solidified by Blackphone's vulnerabilities and inability to withstand a 5 minute attack.
- The number of hack attacks and spying incidents exploded this year. BlackBerry stands to gain from the prevalence of incidents as the C-suite worries about security.
- Target is a good barometer for measuring the size, scope, and impact of a security breach on share prices, revenues, and profits.
One More Competitor Busted
To determine the viability of my investment in the face of challengers, I often monitor the competition to determine their strengths and weaknesses. In some of my previous articles, I have covered how BlackBerry (NASDAQ:BBRY) compares to Apple (NASDAQ:AAPL) and IBM (NYSE:IBM), Samsung (OTC:OTC:SSNLF), MobileIron (NASDAQ:MOBL), and Good Technology. I have even taken a deep and singular look at Apple and its emerging challenges to point out BlackBerry's opportunities, and its +233% growth in the US market over a 6 month window. In this article, my focus will be on BlackBerry and Blackphone. The two companies recently launched missiles at each other:
- In their Business Blog, BlackBerry calls the Blackphone "Consumer Grade" and "Inadequate for Business."
- Blackphone's CEO Toby Weir-Jones responds with his own piece in which he mentions how "RIM made it technically possible for the formerly-secret encrypted messages to be decrypted and viewed"; Blackphone's encrypted voice communications will challenge BlackBerry; and its product is now in the hands of "27 of the Fortune 50, plus 11 international governments."
Certainly, Weir-Jones' response to BlackBerry was an eye opener:
- The Blackphone has apparently received more than a cursory interest, and has possibly lured away 11 governments from BlackBerry. Some of the largest enterprise are also curious about their offerings.
- Details of how RIM/ BlackBerry made it possible for governments to decrypt messages were not provided as that would weaken Blackphone's marketing stance. BlackBerry sets up servers inside countries that want to further monitor their citizenship, and these are isolated cases that do not affect the implementation elsewhere. Hence, it is not true that BlackBerry can be decrypted en-masse. Also, while a consumer does not run BES10, they do not benefit from the full strength of BlackBerry's security suite. This does not mean that when the media makes a splash about how a drug lord's BlackBerry messages are intercepted, everyone on a BlackBerry is vulnerable.
- Securing voice communication is the new frontier. The Blackphone offering with Silent Circle is a direct challenge to the offering from BlackBerry and Secusmart. BlackBerry's recent announcement of the Secusmart acquisition may be rooted in ensuring Blackphone does not encroach on BlackBerry's bread and butter any further. With Secusmart, BlackBerry will be able to market itself as the Wal-Mart (NYSE:WMT) of Voice and Data Encryption as it is able to offer discount on security given it has the largest user base. Already, BlackBerry has the lowest Total Cost of Ownership as compared to other MDMs. The ability to keep everything under one roof means the customers come to a one-stop shop for security and can spend their time focused on their business, not worrying about security headaches.
Interestingly for BlackBerry, after all the mudslinging, further support for its platform came from an unlikely place: a BlackHat forum in Vegas. I was surprised to read this weekend that the Blackphone only took 5 minutes for hackers to break into. The complete lack of challenge to the hacking community spoke to its weakness as a product and also further confirms that it is built on top of quicksand. Kaspersky wrote in January of 2013 that 99% of mobile threats were on Android and they were largely of 3 types: SMS trojans, back doors, and spyware. Some of my readers may argue that given Android is the mobile OS of choice, it is a given that the majority of issues are found there. I challenge that point of view: if it were true, then why is QNX used in mission-critical operations and why is Germany's Angela Merkel and President Obama on a BlackBerry?
Since May, I have been building a list on hack attacks and NSA-related spying incidents. The number of incidents in 2014 has seen explosive growth. I have also been tracking Target's (NYSE:TGT) stock price and performance since the hacking incident:
- December 19, 2013 - Target hit by a hack job compromising over 50 million credit and debit cards. Stock performance -8.18% from December 19 to present.
- May 5, 2014 - CEO ousted 5 months after data breach. Stock -5.9% since announcement.
- August 5, 2014 - Target announces $148 million in gross expenses related to the security breach. Insurance coverage will offset $38 million.
The takeaway from the Target incident is the following:
- Enterprise will become more reluctant to publicly announce security breaches but actively seeking a solution to prevent a similar attack on their systems.
- Any security breaches that become public will be a direct hit on the bottom line and recovery from the incident is difficult as the breach of trust will cause customer's to look to others for similar services.
- Insurance coverage looks to cover only 25% of the cost of a data breach. Moreover, the cost to obtain insurance will escalate as incidents increase.
- The C-suite will have to worry about security even as staff and consumers may remain indifferent. As executives fear for their own job security, they will make efforts to secure the best solution possible and will most likely choose the service that has the most reliability over the one with no proven track record.
- The C-suite can subscribe to a moderate BYOD program whereby employees are required by the job to purchase for corporate and personal use devices that are prescribed and pre-approved. Anyone who chooses not to follow the corporate regulations will be forced to look for another job.
On the surface, it may seem that not many people will care about security. But looking deeper into the situation, one realizes that when the paycheck is on the line, many people will have to act differently, and respond differently. Outside pressure comes in the form of spies and hackers. The top down effect will overcome initial interest in a broad BYOD program and the companies in the business of securing data will stand to gain from the attacks. This weekend, BlackBerry gained the ammunition to hit back at a competitor and further show enterprise that the best solution is one based on QNX with Android in an emulator; not Android as a foundation with a flimsy wrapper to keep hackers at bay. As BlackBerry is constantly being brought to the forefront of conversation, and the company proves the media wrong, the tide will have to turn.