Photo - F-Secure Corporation Asia-Pacific head Keith Martin
According to F-Secure Corporation Asia-Pacific head Keith Martin, the cybersecurity firm sees improving cybersecurity and making things better and safer as its mission.
"When we hear about our competitors doing good things in the market, or Microsoft making Windows 10 way more secure than any other version of Windows, we think it's great. Even if it will hurt our market share to a certain degree somewhere down the line," Keith told Computerworld Malaysia recently.
One of F-Secure's main market segments is performing hardware-related assessments for the automotive and airline industries.
"It sounds a lot scarier than it is. Yes, airlines should be concerned with making sure that their systems can't be hacked, but rest assured that plane controls and things like inflight entertainment are completely air-gapped; both are completely separate systems. Same with Wi-Fi; that does not connect up to what controls the plane," Keith pointed out. He stressed that it is still important to keep all those systems secure as well, however.
In Japan, F-Secure had just won a hardware consulting contract for a manufacturer of automobile car navigation systems. It has also been talking to other manufacturers about self-driving car security.
"One of the challenges when you talk about hardware security is that unlike software, if the hardware itself has a vulnerability, you can't just update the software and fix it; you have actually go and replace that part, or replace the whole unit."
"We started doing hardware security work when we acquired a company called Inverse Path in February 2017. That company then had only a few people, and yet they were one of the most renowned companies for doing hardware security assessment work. One thing nice about this kind of work is it's quite scalable. If we do an assessment on one car navigation system for one company, they can then roll it out to hundreds of thousands of units. It's still an area we have to build, though."
Threat landscape evolves
Another area that F-Secure has focussed on is in endpoint detection and response (EDR), a natural outgrowth of its business growth.
"We started 30 years ago with antivirus, but as we've seen the threat landscape change and evolve, we've had to continue to modify the product set and the offerings that we have, from a software and a service perspective," said Keith.
As a result, F-Secure's products and services now cover the entire gamut of Gartner's Predict, Prevent, Detect, Respond Framework. Gartner recently named F-Secure a Vendor to Watch in a Market Insight report that finds that "there will be 25 billion connected devices by 2021, of which 15 billion will be in the connected home. One of the key challenges in the next few years will be to protect all these devices."
F-Secure has gone from just antivirus to adding in the ability to do vulnerability scanning (Radar), and EDR (a managed service called RDS).
"When cybercriminals try to break into the systems, they look for the weakest link. And for a while, that was endpoint protection - it wasn't getting the attention that it needed. Antivirus was kind of an afterthought - a lot of companies would focus on the network instead. Over the past few years, we saw antivirus get very strong. So the cybercriminals wondered what to do next. Ransomware was it for a little while, but even then we've seen ransomware tail off."
Keith believes that EDR is the next frontier for cybersecurity.
"You start seeing these file-less attacks, where once they get a foothold within a network, often through phishing attacks, they will then use built-in tools within Windows and other OSes to laterally move within the organisation, and attack using tools that a normal sysadmin would use. And so while some endpoint protection may stop some activities, moving around and copying files and doing things that normal people do on a network won't necessarily get caught. So the best EDR solutions are meant to look for those anomalies."
F-Secure has been seeing double-digit growth in Asia Pacific (APAC). "Our aim is to continue our growth in this region. Japan, SEA, and India are our 3 main regions. We'd rather concentrate on a few markets and grow those, rather than continually open new markets. On average, APAC is growing faster than the rest of the world."
So what would Keith like to see happen in terms of cybersecurity in the region?
"A lot of education has to happen. I would also make sure that you're patching your systems. If your systems are not patched, they're not up to date; that can often be enough to put you at risk," said Keith.
"Vulnerability scanning is another one that is useful. Another cheap way to make your company safer is to educate. Educating your employees is a huge benefit; it's scary how easy it often is for our white-hat hackers to get your credentials with a phishing scheme."
Sign up for Computerworld eNewsletters.