Christmas Calendar, Day 12: World Peace, Radio Controlled X-Wings and Tough Cyber Security

Who are you and what do you do at F-Secure?

I am Antti, a Senior Security Consultant from the F-Secure CSS Security Management team. Our team helps customers build good security culture in their company, so we are basically helping our clients manage their data, design their information systems and train their employees. Quite often there are compliance needs in play too, like ISO27001 or PCI DSS. We don’t usually have to touch customer computers at all, unless you are nerdy by nature like me (having 2U IBM x-Server as a “home computer”).

What was the most memorable cyber security event / incident in 2017, and what should companies learn from it?

Since I have spent my IT career building defenses for different systems from the ground up, I find the big cryptoware attacks on companies to be the most striking.

The lesson companies can learn from them is exactly the same that I give on all my presentations and keynotes (as well as on-site to many of our customers) – old school IT has not gone anywhere. There are clouds and containers, latest micro-services and whatnot. But there’s also patching, service hardening, firewalls, network segmentation and intrusion detection.

Still, what do we see most often? Huge flat networks, legacy servers running in production, unpatched systems and attack surfaces the size of a football field. I love all the new and shiny stuff, but this is a serious lesson for all of us – you have to take care of the foundation to be able to build a stable house. That’s just the way it is.

What are the most important trends that you believe we will see impact cyber security in the next 3-5 years?

Regulations and security compliance needs are pushing companies to be more aware and more in control of their data. On the other hand, technological evolution is forcing organizations to move towards more fragmented “hybrid-model”  IT environments, with complex structures comprised of multiple clouds and on-premise systems. Data is bouncing back and forth: stored there, processed here, analysed there… Physical locations get mixed, administration loses visibility, developers lose roadmap vision.

I expect to see the biggest trend in security management being the process of trying to make sense of all of this. We need to seek ways to effectively track company data, and figure out how to protect it. Technology is currently moving way faster on information processing than information management. In essence, data administration can’t keep up.

What are your top 3 tips for companies looking at improving their cyber security in 2018 and beyond?

Give your security architects and administrators time to do their work well. Believe me, euros spent on this will not go to waste! You’ll know what I mean when you read the news about the next big malware attack hitting the company next door, and realize: “Oh, we had that protocol or service disabled a year ago”.

Test your crisis management procedures. Test them vigorously, with all the service providers involved, down to a grass-roots level. If the day comes, can you really get those logs for forensics work? Can you really restore the data to the disaster recovery site? Can you reach all the critical players? What should you do if you can’t?

These are really valuable lessons for all the layers of a company, from top management to junior employees.

Ensure you have proper visibility over relevant low-level security events in your network, as well as traditional elements like firewalls, access logs and endpoint protection alerts. Make sure someone reacts to suspicious activity promptly. Once an attack gets so far that you can notice it from service availability, for example, you are a bit late.

What’s on your wish list to Santa Claus this year?

I have for years and years wished for world peace, so I will put that in this year as well.

That, and a radio controlled X-Wing. 😉

Are you planning to make any work related New Year’s resolutions?

Cyber security is based on plans and risk-aware predictions, not resolutions. 😉

What has been the most interesting project you’ve worked on at F-Secure? Tell us a bit about it.

I personally find collaboration gigs, where many of our teams work together, the most interesting. After years of building defense protocols for different companies, it’s often like “shadow boxing” against an invisible enemy. I’ve had assignments where I have been assessing a customer’s security management approach and found classic errors in their processes and system designs, while at the same time our tech guys have breached their systems using text-book methods. The educational impact to the customer is just incredible – we’re actually demonstrating that we’re not just trying to scare them for our own benefit: “See? This is how this really happens” 🙂

What has been the most challenging project you’ve worked on at F-Secure?

All in all, IT, people and information management is pretty much the same everywhere. Environments, surroundings, organizational cultures and our customers’ “missions”, on the other hand, are the real variables.

I think challenges arise when you get to do “our thing” at customers who are industry leaders, really big players on their field and/or important to a whole society or country. You want to do your absolute best, since you feel privileged to be able to contribute to these companies or causes. And you are representing F-Secure as a whole onsite. They wanted the best, and called us. And now it’s time to deliver. 🙂

We are driven by this challenge, and it’s really the thing that keeps us going. You never get bored with that feeling.

What’s your favorite information source on cyber security?

Websites, posting groups, community sites… There are so many. But my favorite sources are my colleagues.

If you’d have to recommend people to follow one cyber security influencer, who would she/he be?

Any pony-tailed F-Secure fellow you like.