Who are you and what do you do at F-Secure?
My name is Christoffer. I’m a senior security consultant with a background in research and development. Being based in Stockholm means being a jack of many trades. We hack all things and mostly embedded networky things. I get a feeling of satisfaction from destroying devices and making things break.
What was the most memorablecyber security event/incident in 2017, and what should companies learn from it?
The hacking of Equifax was significant – not because of technical aspects of the hack, but rather because of the business model of the target. Tech industry today is driven by data collection and big data. This leak shows what happens if you combine profit driven data collection with low moral standards. Privacy intrusions happen all the time. Deliberate or not, this time there was a spotlight on the issue. The incident will serve as an example of what to avoid when managing private data for years to come.
What are the most important trends that you believe we will see impact cyber security in the next 3-5 years?
Security patch cycles of the internet-exposed services must improve radically. Mass-scanning for vulnerable services combined with quick exploit development as a business has turned internet-exposed services into malware infestations. As an addition application firewalls to monitor and prevent unwanted behaviour on services to prevent automated exploitation.
I believe that in 5 years credibility and trust will be stronger drivers for brand building, compared to price and aesthetics. The perceived quality of products and services will be determined by the longevity or resilience against fault. The process for security verification and incident handling during the lifetime of a technology will determine the value of the technology and the brand. This may come off as naïve in the age of rock bottom prices, but over-consumption of short-lived technology will lead to broken expectations. Brand differentiation on quality will be born out of the void of trust in consumer electronics and services. This is already happening when decision makers are being replaced out of security negligence.
What’s on your wish list to Santa Claus this year?
A “cloud-connected-glow-in-the-dark-fidget-spinner” for maximum 1€.