The value of security

emmaMalware is becoming more sophisticated, actively resisting traditional detection technologies. This development is posing new challenges to security companies. According to independent test organizations, almost one out of ten malware attacks succeed.

One in ten – sounds like a lot, but what does this mean in practice?

One of our product managers illustrated the significance of a high threat detection rate with a practical example. On average, an employee faces two malware per year (depending on the Internet usage profile of the users and the other layers of the protection, of course). In a company of 500 employees, with a detection rate of 92%, 80 infections in total will pass the traditional malware protection. If the detection rate is 99%, only 10 attacks out of one thousand will succeed. A minor difference in percentage points can make up a major difference in practice.

With this in mind, we believe that detection rate is a key factor in the value of security.

With businesses spending sizable sums of money to clean up damage from malware, high malware detection rates take on greater importance. Have you ever wondered how much it costs to have your business down for one day? Companies are not only spending for malware cleanup, but costs are also incurred as a result of lost productivity, loss of data (such as trade secrets, intellectual property and private customer data), investigation, and post-incident management. And how about your company’s reputation – how much is it worth? Add all these together, and malware that has gone undetected can have serious ramifications to a business. And that’s exactly why even a one percent higher detection rate can save thousands.

Recent examples of attacks with possibly multifold consequences include the patient records of an Australian medical centre held to ransom, as well as Internet advertising network NetSeer suffering a hack that also affected any Web page that included an ad served from NetSeer’s servers – among others several high profile Web sites and news agencies. And these are only a tiny fraction of all the examples out there.

Cyber attacks are not only costly to large enterprises, but also affect small and medium sized businesses (SMBs). Small firms are increasingly popular targets for attacks, as they are not as likely to be adequately protected. In fact, according to Verizon 2012 Data Breach Investigation Report, 79% of data breach victims from the past year were targets of attacks mainly because they were found to possess an exploitable weakness rather than because they were pre-identified targets. In addition, the same study states that victims don’t usually discover their own incidents, but they’re typically discovered by third parties only weeks or months after the initial instance – when significant damage has already been done.

To stay on top of the latest threats, we are launching F-Secure Client Security 10 that provides proactive protection for corporate desktops and laptops. It offers enhanced security with DeepGuard 4 threat detection technology that has been tested by AV-TEST with top-notch scores against new malware. In these independent tests for preventing new “zero-day” malware attacks, DeepGuard 4 performs at 98 to 100%, while the industry average hovers around 90 percent.

So why does detection rate matter? The answer is simple: even a single incident can be one too many.

And that’s why our aim is to “Protect the Irreplaceable.”

More posts from this topic


F-Secure Bringing a totally new Future for the Internet to SLUSH 2015

#SLUSH15 is almost here, and F-Secure’s participating in this year’s event in a big way. There’s going to be a big #smartsecurity announcement about the Internet of Things, as well as a couple of presentations from F-Secure personnel. SLUSH, a well-known exposition for startups in the tech industry, has become a huge international event. Both SLUSH and F-Secure call Helsinki home, so it’s only natural for F-Secure to be an active participant at the annual conference. F-Secure made waves last year after the cybersecurity company hacked the venue’s bathrooms to get people talking about online privacy. Several of the company’s researchers and personnel also put in appearances at last year’s SLUSH, including cyber security expert Mikko Hypponen, and F-Secure’s Executive Vice President, Consumer Security, Samu Konttinen. [youtube] [youtube] And they’re both back this year! This year, Samu will be giving a keynote address on SLUSH’s Silver Stage. His talk is called “Your home, your rules – The internet of what ifs”, and runs from 11:45am to 12:00pm (Helsinki time) on November 11th. Samu’s enthusiasm for topics related to security and online privacy will give people valuable insights into how IoT devices are creating new security challenges, and what people can do to protect themselves. Mikko will be appearing on SLUSH’s Black Stage at 9:25am (Helsinki time) on November 12th, where he’ll deliver a talk called “The Online Arms Race”. Mikko recently did an interview about this same topic for, so you can check that out if you want a quick preview about Mikko’s thoughts on this matter. You can follow all of F-Secure’s SLUSH news by following @FSecure_Sense, @FSecure_IoT, and @FSecure on Twitter.

November 10, 2015
Mikko Hypponen, Leo Laporte, Triangulation

5 things Mikko Hyppönen has learned from 25 years of fighting viruses

F-Secure Chief Research Officer Mikko Hyppönen sat down on Monday for a video chat with renowned tech journalist and broadcaster Leo Laporte on Triangulation. Laporte has admired Mikko and F-Secure from afar for more than twenty years, the host explained. So this first talk gave the two IT stalwarts a chance to talk over Mikko's nearly quarter century of work at F-Secure -- which he joined as a coder in 1991 when we were still known as Data Fellows. You can watch the whole interview below or download the audio here: [youtube] The whole show is worth your time but to get ready to mark Mikko's silver anniversary at F-Secure, we thought we'd pull out some interesting lessons he's learned in more than two decades of tangling with digital threats. Driving a forklift -- Mikko's job before joining F-Secure -- has one big advantage over being an internationally known virus hunter. Once you're done with work for the day, you don't think about your job at all. Mikko told Leo that being Chief Research Officer at a company that protects hundreds of millions of computers doesn't give you that luxury. Some early malware creators went on to some very interesting things. Mikko told Leo about his trip to Pakistan to meet the two brothers who wrote the first PC virus more than 25 years ago, which you can watch below. Basit Farooq Alvi and Amjad Farooq Alvi wrote the program for what they saw as a legitimate purpose -- preventing copyright infringement. Today the brothers along with a third brother run a successful telecommunications business. Robert Tapan Morris -- the creator of Morrisworm the first computer worm -- is a member of the Computer Science faculty at MIT and a partner in Y Combinator, which helps launch tech startups.[youtube] His number one security tip? Back up your stuff. "Back up your computer, your iPad, your phone. And back it up so you can access it even if your house burns down." The numbers when it comes to malware are huge. F-Secure Labs receives about 350,000 malware samples a day, seven days a week. "The amount of new detections we build on those samples every day is usually around 10,000... 20 [thousand] on a bad day." Mobile malware isn't a big problem -- except, perhaps, in China -- because Android and iOS are very restrictive. "If you are a programmer, you cannot program on your iPad," Mikko explained. All apps that end up in the Play or App Store have to be approved by Google or Apple respectively. This model, which Mikko compares to the PlayStation and Xbox ecosystems, may be good for security, but it does have some negative consequences. "It's also a little bit sad in the sense that when you have these closed environments, it's sort of like converting the users from producers to consumers." Mikko wrapped up the interview by explaining F-Secure's principles when it comes to protecting and respecting users' data: "We try to sell our products the old-fashioned way. You pay for it with your money, not your privacy." Cheers, Sandra P.S.: For some bonus Mikko, watch a public lecture he gave this week at Estonian Information Technology College. [youtube]

October 15, 2015