UNDER THE
SPOTLIGHT
60
practically vulnerable. And for
attackers, they are not interested
in hacking into your smart TV, but
they are interested in hacking into
you, the smart TV can give them an
entry point.
So, it’s more of an attack surface.
One of the big investment areas
for F-Secure is to protect all those
devices. But you can’t protect those
connected devices in your home
by securing the endpoints. For
endpoint protection you need to
install a software, and you cannot
install endpoint security software
to your (smart) toaster.
The perimeter here is the router,
you always have the Wi-Fi router in
your home. So, we have developed
an enterprise grade software that
goes to the router, and then once
that’s in the router, it protects
all the devices you have in your
home, which you use to connect
to the internet. This is one of the
biggest initiatives we have taken
in F-Secure to drive home IoT
security with our partners.
5. Coming towards
cybersecurity laws and
regulations in several
countries in the world
and even for Finland.
How do regulations help
bolster cybersecurity of
the region? What are the
challenges?
I think there are a couple of
key points here. First, I think
cybersecurity is already such an
CISO MAG | November 2019
Vo l u m e 3
Issue 10
Vo l u m e 3
Issue 10
UNDER THE
SPOTLIGHT
integral part of any industry. If
you’re a car maker you need to
think about cybersecurity; if you
work in aviation you need to think
about cybersecurity; if you are
into healthcare you have to think
about cybersecurity. It’s kind of
industry agnostic, cybersecurity
is everywhere and given that
the world is digitalizing fast, if
industries or companies fail to do
a good job in cybersecurity that
will put the whole of society at risk.
And to avoid that risk there needs
to be some legislation.
It cannot be like, do what you
want because sometimes some
companies are not fully up to
speed with understanding what
they require to protect themselves
(from cybercrime), and to protect
their customers. Some companies
are so short-sighted that they are
just optimizing for short-term
profitability and investing in the
things that they feel are profitable
to them. Several times they don’t
even think about what is good for
their customers. And therefore, I
think some legislation needs to be
there.
But how do you do that? I have a
couple of key points. First, the big
challenge is that this industry is
moving fast, the world is moving
fast, but legislative processes are
moving very slow. There is a risk,
whenever you put legislation on
something like cybersecurity, the
process takes so long, it’s already
like two or three years old and the
industry has moved on.
CISO MAG | November 2019
61