Who are you and what do you do at F-Secure?
My name is Tuomo, I work as a Principal Security Consultant at F-Secure.
What was the most memorable cyber security event / incident in 2017, and what should companies learn from it?
Wannacry and Notpetya, as they forced companies that do not necessarily see themselves as targets face reality. They also demonstrated the importance of focusing on the essentials in terms of cyber security. Patch management, rapid incident response, good backup processes, network segmentation etc. All of these take a lot of effort, so the natural tendency is to look for a silver bullet, instead of buckling down and doing the work.
What are the most important trends that you believe we will see impact cyber security in the next 3-5 years?
I think the trend of breaching targets via supply chain attacks using partners, providers, suppliers, customers, etc. will continue. Companies usually have little understanding regarding the level of exposure they have via this avenue.
The IoT and cloud megatrends will also force businesses to adopt new behavioral patterns, both on the security service provider and consumer sides.
Suppliers will continue to push services — using terms like blockchain, machine learning and artificial intelligence – which have little impact to the actual state of affairs.
What are your top 3 tips for companies looking at improving their cyber security in 2018 and beyond?
Stick to the basics. No need to get sophisticated before you have decent preventative, detective and responsive controls, procedures and practices in place. Usually the money invested in fancy next-generation kit is better spent ensuring that you’re utilizing what you already have as efficiently as possible. Case in point: Santa, get your sh*t together!
What’s on your wish list to Santa Claus this year?
Some new socks.
Are you planning to make any work related New Year’s resolutions?
No I am not.
What has been the most interesting project you’ve worked on at F-Secure? Tell us a bit about it.
The most interesting project was for **************** where we owned their domain ***********.com using a zero-day exploit for ***************** that is still unpatched by ************ to this day! Good times!
What’s your favorite information source on cyber security?
Twitter, random podcasts and blogs.
If you’d have to recommend people to follow one cyber security influencer, who would she/he be?