Cybersecurity a constant battle: F-Secure CEO

• Speaking of CEOs, CEO scams are the new trend
• Still a lot of education needed to raise awareness

 
YOU’VE got a new job, you’re happy and decide to share it with the world via social media. But little do you know that cybercriminals are already circling, ready to steal your new work identity and use it to hack into your new company’s networks.
 
It is time to stop the sharing! Or at least, to be more circumspect about it.
 
F-Secure Corp president and chief executive officer (CEO) Christian Fredrikson (pic above) believes people are sharing too much information about their work life on social media, which will end badly if they are targeted by hackers.
 
“I understand most of it is for good intentions, as many people rely on social media for recruitment. But sometimes sharing isn’t such a good thing,” he told a media briefing in Kuala Lumpur on April 14, celebrating F-Secure’s 10th anniversary in Malaysia.
 
READ ALSO: There are spies in your fibre!
 
While social media has opened up a new attack surface, in industry parlance, the conventional vulnerabilities also remain, and are getting more sophisticated and insidious.
 
For instance, the latest is the ‘CEO scam’ or ‘CEO fraud,’ which makes use of the trusty old email system: Hackers send fake emails, purportedly from bosses, to employees, asking for money.
 
“US$1.2 billion was lost to CEO fraud in 2015,” said Fredrikson, citing data from the US Federal Bureau of Investigation (FBI).
 
He said this was an easy-to-do scam. The scammers just assume the identity of CEOs and send out emails with the subject title ‘URGENT TRANSACTION,’ demanding employees help out their bosses over a pending business deal.
 
“There is still a lot of education to do, and in this case, leaders are responsible for cybersecurity measures,” he added.
 
Fredrikson noted that both Sony Pictures chairperson Amy Pascal and Ashley Madison CEO Noel Biderman had to step down from their roles in the wake of hacking scandals.
 
“Because at the end of the day, if the leader doesn’t lead the culture of taking cybersecurity seriously, what can be expected of employees?” he said.
 
“Everyone is confused with what cybersecurity is. Ultimately, people should be asking themselves: ‘What are the few most valuable things I have and what would happen if they got stolen or destroyed?’
 
“After listing these things out, you should then draw out a plan to safeguard your assets. It should be followed with recovery and defence plans,” he added.
 
As part of its effort to educate the public about cybersecurity, F-Secure said it gave out 3,000 free licence keys for its Freedome VPN solution in the Kuala Lumpur area last week.
 
Hey dude, where’s my fridge?
 
Fredrikson noted that the Internet of Things (IoT) is creating a big shift in the cybersecurity space.
 
“The IoT is transforming the safety landscape for us because there will be more vulnerabilities,” he said.
 
“Everyone is just too focused on the functionality, usability and connectivity of the [IoT] product. No-one pays attention to cybersecurity because most people think, ‘Why would anyone want to hack my refrigerator?’
 
“But what hackers see is that this unprotected fridge is an alternative – the backdoor – for them to hack into your network,” he added.
 
With cloud computing and the IoT expected to grow explosively in the next 10 years or so, Fredrikson said that there was still much to be done in the cybersecurity industry.
 
“Automation and connectivity will bring great things to people, but this also means we will have to fight harder to make it safe for people.
 
“It is a constant battle,” he said, adding that malware is growing exponentially in emerging markets like South-East Asia and Africa.
 
In the pipeline
 
For its fiscal 2015, F-Secure reported that its overall revenue grew 7% to €147.6 million (US$166.1 million) from €137.4 million (US$154.6 million) the year before.
 
Fredrikson said that with its “strong cash flow and financial foundation,” F-Secure would be looking at acquisitions in Europe and South-East Asia, although he added it currently had no concrete plans as such.
 
The company is also looking to recruit 150 global cybersecurity experts this year, he said, adding that it currently employs 170 people in Malaysia, which also acts as its Asia Pacific headquarters.
 
Related Stories:
 
Cutting the wire: IoT security Part I
 
Time for Safer Smart Toy Day: F-Secure
 
Know thine enemy: Old dogs still sporting old tricks
 
 
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.