Malware is becoming more sophisticated, actively resisting traditional detection technologies. This development is posing new challenges to security companies. According to independent test organizations, almost one out of ten malware attacks succeed.
One in ten – sounds like a lot, but what does this mean in practice?
One of our product managers illustrated the significance of a high threat detection rate with a practical example. On average, an employee faces two malware per year (depending on the Internet usage profile of the users and the other layers of the protection, of course). In a company of 500 employees, with a detection rate of 92%, 80 infections in total will pass the traditional malware protection. If the detection rate is 99%, only 10 attacks out of one thousand will succeed. A minor difference in percentage points can make up a major difference in practice.
With this in mind, we believe that detection rate is a key factor in the value of security.
With businesses spending sizable sums of money to clean up damage from malware, high malware detection rates take on greater importance. Have you ever wondered how much it costs to have your business down for one day? Companies are not only spending for malware cleanup, but costs are also incurred as a result of lost productivity, loss of data (such as trade secrets, intellectual property and private customer data), investigation, and post-incident management. And how about your company’s reputation – how much is it worth? Add all these together, and malware that has gone undetected can have serious ramifications to a business. And that’s exactly why even a one percent higher detection rate can save thousands.
Recent examples of attacks with possibly multifold consequences include the patient records of an Australian medical centre held to ransom, as well as Internet advertising network NetSeer suffering a hack that also affected any Web page that included an ad served from NetSeer’s servers – among others several high profile Web sites and news agencies. And these are only a tiny fraction of all the examples out there.
Cyber attacks are not only costly to large enterprises, but also affect small and medium sized businesses (SMBs). Small firms are increasingly popular targets for attacks, as they are not as likely to be adequately protected. In fact, according to Verizon 2012 Data Breach Investigation Report, 79% of data breach victims from the past year were targets of attacks mainly because they were found to possess an exploitable weakness rather than because they were pre-identified targets. In addition, the same study states that victims don’t usually discover their own incidents, but they’re typically discovered by third parties only weeks or months after the initial instance – when significant damage has already been done.
To stay on top of the latest threats, we are launching F-Secure Client Security 10 that provides proactive protection for corporate desktops and laptops. It offers enhanced security with DeepGuard 4 threat detection technology that has been tested by AV-TEST with top-notch scores against new malware. In these independent tests for preventing new “zero-day” malware attacks, DeepGuard 4 performs at 98 to 100%, while the industry average hovers around 90 percent.
So why does detection rate matter? The answer is simple: even a single incident can be one too many.
And that’s why our aim is to “Protect the Irreplaceable.”
Every time you go online, your personal privacy is at risk – it’s as simple as that. Whether you’re creating an account on a website, shopping, or just browsing, information like your email, IP address and browsing history are potential targets for interested parties. All too often, that information is sold on or sometimes even stolen without you even knowing it. And the threats to our online privacy and security are evolving. Fast. As F-Secure’s Online Protection Service Lead, Christine Bejerasco’s job is to make life online safer and more secure. “We’re basically online defenders. And when your job is to create solutions that help protect people, the criminals and attackers you’re protecting them against always step up their game. So it’s like an arms race. They come up with new ways of attacking users and our job is to outsmart them and defend our users,” Christine says. Sounds pretty dramatic, right? Well that’s because it is. While it used to be that the biggest threat to your online privacy was spam and viruses, the risks of today and tomorrow are potentially way more serious. “Right now we’re in the middle of different waves of ransomware. That’s basically malware that turns people’s files into formats they can’t use. We’ve already seen cases of companies and individual people having their systems and files hijacked for ransom. It’s serious stuff and in many cases very sad. If your online assets aren’t protected right now you should kind of feel like you’re going to bed at night with your front door not only unlocked but wide open.” Christine and her team of 11 online security superheroes (eight full-time members and three super-talented interns) are on the case in Helsinki. Here’s more on Christine and her work in her own words: Where are you from? The Philippines Where do you live and work? I live in Espoo and work at F-Secure in Ruoholahti, Helsinki. Describe your job in 160 characters or less? Online guardian who strives to give F-Secure users a worry-free online experience. One word that best describes your work? Engaging How long is a typical work day for you? There is no typical workday. It ranges from 6 – 13 hours, depending on what’s happening. What sparked your interest in online security? At the start it was just a job. As a computer science graduate, I was just looking for a job where I could do something related to my field. And then when I joined a software security company in the Philippines, I was introduced to this world of online threats and it’s really hard to leave all the excitement behind. So I’ve stayed in the industry ever since. Craziest story you’ve ever heard about online protection breach? Ashley Madison. Some people thought it was just a funny story, but it had pretty serious consequences for some of the people on that list. Does it frustrate you that so many people don’t care about protecting their online privacy? Yeah, it definitely does. But you grow to understand that people don’t value things until they lose it. It’s like insurance. You don’t think about it until something bad happens and then you care. What’s your greatest work achievement? Shaping the online protection service in the Labs from its starting stages to where we are today. What’s your idea of happiness? Road trips and a bottle of really good beer. Which (non-work-related) talent would you most like to have? Hmmm… tough. Maybe, stock-market prediction skills? What are your favorite apps? Things Stumbleupon What blogs do you like? Security blogs (F-Secure Security blog of course and others – too many to list.) Self-Help Blogs (Zen Habits, Marc and Angel, etc.) Who do you admire most? I admire quite a few people for different reasons. Warren Buffett for his intensity, simplicity and generosity. Mikko Hyppönen for his idealism and undying dedication to the online security fight. And Mother Theresa for embodying the true meaning of how being alive is like being in school for your soul. Do you ever, ever go online without protection? Not with systems associated to me personally, or with someone else. But of course, when we are analyzing online threats, then yes. See how to take control of your online privacy – watch the film and hear more from Christine. See how Freedome VPN will keep you protected and get it now.
F-Secure Chief Research Officer Mikko Hypponen appeared on the BBC recently to talk about cyber security, data breaches, and “dadada.” [youtube=https://www.youtube.com/watch?v=o19KaRl2ihQ&w=560&h=315] During the interview, Mikko described the current state of cyber security as a “cat and mouse race between the attackers and between the defenders.” It might not be as exciting as watching Formula 1 or a marathon, but it’s not as dull as writing some software that stops computer viruses. It’s about actions and reactions - it’s a race. So where do the defenders go to talk shop? Well, this week they’ll be congregating at the annual CyberDef-CyberSec Forum in Paris. CyberDef-CyberSec is an annual event that brings together various stakeholders in the cyber security and cyber defense fields to share knowledge and discuss issues. This year’s event is expected to be massive, with 55,000 industry professionals from 143 countries, as well as 173 official delegations and 700 journalists, slated to attend. F-Secure’s joint sponsoring this year’s event, and sending some of our cyber security experts, including Mikko to share their insights on the threat landscape facing people, companies, and governments. Mikko will be giving a 45-minute talk called “The Cyber Arms Race” that explores the evolution of online threats into weapons for cyber warfare. Also making an appearance is F-Secure’s cyber security guru Erka Koivunen, and F-Secure Regional Head of Corporate Sales Olivier Quiniou. Both will touch on how today’s cyber threats are wreaking havoc on the cyber security of companies. Erka’s talk, entitled “Data Breaches eat CEOs for Breakfast”, may be particularly poignant in the aftermath of the recent firing of the CEO of FACC – an aircraft component manufacturer that was hit by a cyber attack earlier in the year. Olivier, meanwhile, will be giving a 15-minute speech about the chaos cyber attacks can cause for companies. You can check out the program for the conference for dates and times. [Image by dougwoods | Flickr]
You know you're a technical security consultant when you can say the best part of your job is breaking things. Javier Moreno is passionate about improving enterprise security - and to make a technology better, he breaks it first. The thrill of figuring out a software's weakness drives Javier, but also the knowledge that he's providing secure technology to the customer. As a Senior Security Consultant, Javier is one of our experts in F-Secure's Cyber Security Services (CSS) unit. CSS helps organizations enhance their overall security to protect against cyber attacks. (And they're hiring! Interested in joining them as they strive to be the leading and most trustworthy security assessment team in Europe? Check out our open positions.) So what's it like to work in CSS? I asked Javier about his job, what he likes about F-Secure, and how he ended up here in the first place. What do you in your role? I perform security assessments of all sorts of technologies. In short, either break them or know where they will break, and then help improve those technologies. Fortunately, our internal processes are quite optimized so we don't have to deal with much bureaucracy. That means I can focus on the work that I am most interested in. For me, that's reading code, disassembling binaries, thinking about how a framework will break or will be misused, and programming small tools to aid my process. It takes patience! I really enjoy figuring out new things. What is Cyber Security Services all about? CSS is about establishing a trust relationship with our customers and challenging them to improve their security, while providing them with the necessary information and tools to have an advantage. We perform technical assessments for our customers, and also advise the C-level and counsel them on security and risk management. We've grown to cover many topics: application and network security, incident response, embedded systems, transportation security and more. What do you like about working in Cyber Security Services? For me the best part of CSS is the people on the team. We all rely on each other, learn from each other, and in the end we provide the best results to our customers. Our team in CSS is big and skilled enough to cover many facets. We really love security. "End users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default." What is the most exciting part of your job? As a security consultant, I have to say it - it's when something breaks! It's the thrill of working on something that is obscure and difficult to understand at first, and how that untangles to the point where you can control it. Do you feel like you are making a difference in the world? The technologies the modern world is built on require security to run properly. Whether we like or not, end users should not be expected to understand the consequences of technologies, so it's our task to provide them with things that are secure and safe by default - built-in! I am not a savior of anything, but I sure like to do my job well and put a lot of effort into it. Our passion is what makes the difference for our customers and users. What is your ultimate dream job? I don't think there's an "ultimate" job. I try to do the best I can in every area: offensive, defensive, designer, builder, breaker, conceiver of next step. I always try to mix consulting with research and the latter is what is more interesting to me. What path brought you to this position with F-Secure? My background, rather than being in computer science, is in telecommunications engineering. The University in Spain was much more theoretical than practical and it covered a lot of topics, so I ended up with quite a multidisciplinary profile, something in between hardware and software. I started in the space field, but infosec was my hobby for a long time and soon I started doing it full time, moving away from the typical engineering path. In any case, in this field, degrees and certifications generally mean nothing - they are just enablers, a jumpstart. Infosec is a very broad field of work and requires passion, maybe even obsession, if you want to cover enough aspects and be good enough. In 2010, I moved to Germany to pursue a more interesting security market and have been part of F-Secure's CSS Germany team for over a year now. Want to learn more about a career with F-Secure Cyber Security Services? View our various open positions in sales, risk/security management, technical consulting, and people management.