Safety Detective has the opportunity to interview F-Secure’s Head of Operator Business, Americas, Timo Laaksonen. We asked him what he thinks is the number one threat to cybersecurity today and where he believes antiviruses are headed.
Safety Detective: How did you get into cybersecurity?
Timo Laaksonen: Almost 20 years ago, I was offered a position in an innovative team who had created the means to implement digital signatures on mobile transactions. That’s where it all started for me. It felt immediately like a job with a purpose, being on a mission to create technology and services that increase trust to transacting over the internet.
SD: What is the number one threat in cyberattacks today?
TL: Nearly everything is connected today — and if it isn’t, it will be in the coming years. Gartner predicts that by 2021, there will be more than 15 billion web-connected IoT gadgets in peoples’ homes. This explosive growth in connected devices has created vast security concerns for consumers.
Security and privacy are low on the list of priorities when these devices are being built. Many connected home devices collect and monetize consumer data, and practically none of them have adequate built-in security. They’re usually the weakest link in your home network, and that’s why they’ve become a primary target for cyberattacks. Gartner estimates that within two years, more than 75 percent of consumer IoT devices will be infected with malware that can be used for DDoS attacks and botnets. That’s alarming.
So, how do we stop this growing attack vector in the home? By hardening network security through the home WiFi router or gateway, protecting all the devices on a network holistically. Unless a security solution is simple, consumers are unlikely to use it, which will leave more and more devices open to attacks. As the “connected everything” trend continues to gain momentum, we also need better consumer awareness of connected home and IoT-related threats.
SD: How can F-Secure protect consumers from cyber threats?
TL: There are two major categories of threats that affect the majority of consumers: mass attacks and advanced threats. These two types of threats require different modes of action.
Mass attacks, such as opportunistic phishing, malware, and spam, need preventative technology. One example is connected homes. Many connected home devices have no ability to host security software. These devices are only as safe and protected as the home WiFi router. Working in cooperation with broadband service providers and router manufacturers, F-Secure deploys security software on routers that broadband companies provide to their residential customers. Furthermore, F-Secure pressure-tests WiFi routers to determine whether they can withstand penetration-testing attacks throughout the router’s lifecycle. The WiFi router is the foundation of the home network. If that foundation cannot pass the test, everything connected to it is susceptible to hacks.
Advanced threats, such as fileless attacks and ransomware, require detection-and-response technology. Such attacks often begin with an innocuous looking email or a clickbait web link on a malicious site. These threats may involve social engineering by pretending that someone you trust wants you to take certain action, like clicking a link, for example, and there is a sense of urgency. If you click on that link – and trust me, one of these days you will – then F-Secure’s threat detection comes into play. By using behavioral analytics, machine learning, and security cloud intelligence we can stop the enemy at the gate, even in cases where we’ve never seen a similar attack or threat before. In this case, the user is blocked from entering a suspicious web site after clicking the link.
In a connected home, your smart TV may connect to your wireless printer. Your game console may start communicating with your smart light bulb. They have no business taking such actions. F-Secure’s Artificial Intelligence-based Connected Home Security service detects these behaviors as anomalies and responds by blocking these devices from accessing the rest of the home network or the internet, notifies the homeowner about the problems, and proposes further corrective action.
SD: How can F-Secure compete with the other security companies?
TL: Security is all about trust. We’ve been defending tens of thousands of companies and tens of millions of people around the world for over 30 years. That speaks volumes about our consistent and successful mission to stay ahead of the latest threats and keep our customers safe. We invest heavily in providing the best cybersecurity by combining Artificial Intelligence and world-class cybersecurity consultants. We work with some of the world’s largest organizations, and for them, cybersecurity is a critical component in maintaining organizational success and business continuity, including three of the five largest banks in the US.
Talking specifically about the consumer and residential cyber security market, we build trust by providing excellent security technology to our customers and partners. This was confirmed, once again, by the Best Protection award we won from AV-Test two weeks ago, in both consumer and commercial product categories.
Equally important, we compete in this space by being a true business partner to broadband and mobile service providers. We have perfected the security-as-a-service business for operators. We have created business models, branding strategies, big data analytics, communication tools, dedicated resources, and marketing services that we leverage to drive our operator partners’ success in the security services business. The results are impressive and speak for themselves. Our operator partners are hitting their all-time highs in having their customers sign up and activate security services, while their NPS scores are improving. Everyone wins.
Finally, and perhaps most importantly, all the great cybersecurity technology and services are of no use unless consumers understand and appreciate their value. Products need to not only deliver value but prove their value to users. Security services need to be extremely easy to use and provide a smooth user experience over their lifecycle. We must not fall into the trap of asking users to download a dozen different apps to remain safe. Clarity over clutter. Our high NPS scores are a testament to the work that we’ve done well. Our customers love our products. And there’s cool stuff in the pipeline on this front that will start to ship to customers only a few months from now that will set us apart from any other company in our market.
SD: How will cybersecurity change in the next 5 years?
TL: The threat landscape is so much different now than it was five years ago, and it will undoubtedly be much different in five years than it is today. We know that in the near-term, greater connectivity through the IoT will create new and significant challenges for consumers and businesses alike. Attackers will try to exploit new technologies and the access points within those technologies, so we need to be better prepared to safeguard against those “emerging tech” attacks.
We also need to shift the narrative around cybersecurity from “if” to “when.” Attacks will happen. They are happening more than ever right now, but there’s not enough being done to adequately detect those attacks in real-time. That needs to change in the coming years. Detection capabilities will become just as important—if not more so—than the basic preventive measures, such as firewalls, being used right now.
And the focus on fantastic user experience will remain just as top-of-mind for us as ever. Our job is to keep the complexities under the hood and let our customers enjoy the benefit of best protection.