Friday, June 27, 2014

Dear disruptive innovation

It seems impossible but the Spanish Royal Academy has not yet officially included the term "disruption" in its dictionary. However it will do it soon, according to well-informed sources such as Fundéu ( Nevertheless it does recognize the word "disruptive", although if we try to find a "killer" expression as "disruptive innovation" on Wikipedia, we need to go to its English version (

And yet, the "disruptive innovation" is closer than we might think. In time, it is only three days away, because that's the title of the Summer School session organized by this center - the CIGTR - starting next Monday, June 30. For three days, many of the most of the renowned experts of the cyber security and information security landscape will join us at the Vicálvaro Campus of Universidad Rey Juan Carlos (URJC) in Madrid.

Sponsored by BBVA, this course had been held in the town of Aranjuez since 2011 but this time it will take place at the Vicálvaro Campus for the 15th edition of the Universidad Rey Juan Carlos Foundation’s Summer School. You will find along with these lines one of the videos from the 2013 edition, featuring the Director of IT Risk, Fraud & Security at BBVA Group, Santiago Moral Rubio, who will pronounce the closing speech this year  (July 2), along with URJC’s Professor on Applied Mathematics, Regino Criado. All information is available at (EN) and (ES).

But besides being close in time, the "disruptive innovation" is present on our daily life, as we said. Without going any further, mobile phones are a clear example of disruptive innovation. It helps create a new market and a new value chain - displacing the existing ones - by improving a service or product that the Market didn’t expect. In the security world, innovation like this is everywhere: unexpected event substantially alter the priorities of consumers, corporations, governments and even criminals.

A clear example of this is the Italian company Hacking Team that, far from being embarrassed, it openly sells disreputable tools capable of silently jailbreaking an iPhone prior PC infection. The most interesting and "disruptive" of this is that, far from being a threat to the states, some governments are interested in what these companies can offer. In any case, as soon as we said mobile phones are disruptive, we found out that all the Android devices apart of version 4.4 are vulnerable to critical code execution, according to reports from IBM after nine months of research.

On Chema Alonso’s blog we found another quite interesting disruption, at least conceptually: Why we strive to use complex passwords... if in the end it doesn’t matter? That is, if the service provider does their homework, both a weak or a strong password protects us the same. And if it doesn’t too. Of course, the general advice is still to use strong passwords... Perhaps, deep down, it doesn’t really matter. For example, on a service like Dropbox where you expect a government agency to use strong passwords. Never mind. According to research by Trend Micro, you can "abuse" of a Dropbox’s feature using a variant of PlugX remote access tool (RAT).

As always, security comes from the awareness of all stakeholders. So it is very sad to read today that most health care companies have minimal notions of security culture, what opens a huge "back door" to as sensitive information as health Big Data, according to recent CORL Technologies’s revelations.

Don’t forget that "disruptive innovation" is present in our daily life. Next week we will tell you some of the most relevant issues of "disruptive innovation in security" both on this blog and on our social channels. Please, find the links at the right sidebar.


Post a Comment