Non-profit organizations play a crucial role in our well-being. In many parts of the world, they’re a major source of education, health care, social services, and more. And while they’re not in it for the money, they remain a target for cyber attacks, just like other organizations. Why is this the case? What can and should be done about this? In this episode, Adrien Ogee, Chief Operating Officer for the CyberPeace Institute, a non-governmental organization that helps defend the security, dignity, an...
Feb 28, 2022•37 min•Ep 65•Transcript available on Metacast
With 2021 now behind us, it’s time to revisit the highs and lows of the past 12 months, and look ahead to what we can expect in the months ahead. To mark the year’s end, we recorded a special two-part episode of Cyber Security Sauna. F-Secure’s Chief Research Officer Mikko Hypponen, Security Consultant Adriana Verhagen, and AI researcher Andy Patel join episode 64 to share their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond. In this episode: regulating...
Jan 24, 2022•50 min•Ep 64•Transcript available on Metacast
2021 is drawing to a close, and it’s time to look back on the events of the past year. At the same time we look ahead to the brand new year to come. Welcome to part one of a special two-part episode of Cyber Security Sauna. In this episode we’re joined by F-Secure’s Chief Research Officer Mikko Hypponen, Security Consultant Adriana Verhagen, and AI researcher Andy Patel, to hear their key takeaways from 2021, and thoughts on important issues we’ll face in 2022 and beyond. In this episode: cyb...
Dec 29, 2021•51 min•Ep 63•Transcript available on Metacast
The remotely exploitable Log4j zero day vulnerability disclosed just a few days ago has been called one of the most serious vulnerabilities to date. So what is it all about, and what does it mean for organizations? How is it being exploited? What are the risks, and what can you do if you're waiting for a patch? F-Secure CISO Erka Koivunen joins Janne to break down the issue, and explains why this vulnerability should be a wakeup call for security practitioners and developers. Links: Episode 62 t...
Dec 14, 2021•18 min•Ep 62•Transcript available on Metacast
The topic of application security has never been more important. So how are companies approaching appsec? What should companies do to ensure appsec gets the attention it needs? Antti Tuomi, who works in Japan, and Antti Vaha-Sipila (known as AVS), from Finland, join the show to share their thoughts on changes in application security, shifting left, supporting developers, "level boss testing," and much more. Links: Episode 61 transcript...
Nov 24, 2021•43 min•Ep 61•Transcript available on Metacast
Biometrics have gotten a lot of attention in recent years. Biometric authentication systems have the potential to take the place of passwords, streamlining the user login experience. But there are a lot of considerations before taking these systems into use. When should they be used, and how? What are the risks, and when should biometrics be approached with skepticism? Security expert Vic Harkness and red teamer Tom Van de Wiele join Janne to talk about the advantages and disadvantages of biomet...
Nov 02, 2021•38 min•Ep 60•Transcript available on Metacast
Cyber crime is a constantly evolving game. As soon as new technology is introduced, attackers start figuring out how to exploit it for malicious purposes. No one understands this better than F-Secure Chief Technology Officer Christine Bejerasco. Christine joins Janne to discuss the changing world of cyber crime, and how companies can avoid having their new technologies exploited by taking a secure-by-design approach. Links: Episode 59 transcript...
Oct 11, 2021•36 min•Ep 59•Transcript available on Metacast
Data breaches and other security incidents have become a frequent, severe problem for organizations. But with incident responders in short supply, there are fewer professionals available to help organizations in their hour of need. We're joined this episode by F-Secure incident response consultant Eliza Bolton, who successfully transitioned to cybersecurity from the nursing profession, and F-Secure's head of incident response, Matt Lawrence. Matt and Eliza share their views on tackling the cyb...
Sep 20, 2021•28 min•Ep 58•Transcript available on Metacast
After data breaches and ransomware attacks, we often hear that customer information was leaked to the dark web. This obviously can have serious implications for both companies and individuals, but for many of us, the dark web is as mysterious as it sounds. So what is the dark web all about, and what's happening there? How does it affect companies and regular people? F-Secure's Laura Kankaala and Elias Koivula join the show to help demystify the topic. Links: Episode 57 transcript...
Aug 17, 2021•32 min•Ep 57•Transcript available on Metacast
Ransomware payment amounts have skyrocketed over the past year. As threat actors keep getting richer, they have more resources to fuel their operations. Many people argue that the way to discourage ransomware is to implement an outright ban on ransom payments. Is this suggestion idealistic or realistic? How would such a ban affect companies, and what are the alternatives? Päivi Tynninen of the Finnish National Cybersecurity Center and Jordan LaRose of F-Secure join us to share their views. Links...
Jul 15, 2021•36 min•Ep 56•Transcript available on Metacast
AI and machine learning are shaping our online experience, from product recommendations, to customer support chatbots, to virtual assistants like Siri and Alexa. These are powerful tools for enabling business - but powerful doesn't mean perfect. F-Secure data scientist Samuel Marchal and security consultant Jason Johnson join Janne for this episode to talk about some of the security issues with machine learning and how to address them. Links: Episode 55 transcript...
Jun 23, 2021•36 min•Ep 55•Transcript available on Metacast
The fallout from a ransomware attack is every organization's worst nightmare. But it doesn't necessarily have to be, if you can respond to an attack effectively. As our guests explain, there are things companies can be doing in advance to ensure a proactive response to ransomware when it happens, and to reduce the impact to the company. Incident response experts Jordan LaRose and Matt Lawrence of F-Secure join the show to discuss. Links: Episode 54 transcript Whitepaper - Incident Readiness: Pre...
May 27, 2021•37 min•Ep 54•Transcript available on Metacast
The role of a chief information security officer demands technical knowledge, but it also requires soft skills of leading and influencing - especially over the past year as cybersecurity has grown in visibility for companies. So how can CISOs get their security message across to boards, the business, employees and the security team? Joining Janne are two CISOs, Erka Koivunen of F-Secure and Chani Simms, co-founder and managing director of Meta Defence Labs and founder of SHe CISO Exec community...
Apr 28, 2021•34 min•Ep 53•Transcript available on Metacast
Cloud computing was one of the last decade's most transformative technologies. It helped organizations launch exciting new applications and services, as well as innovate the way they operate. However, moving critical parts of IT infrastructure and operations outside of organizations' perimeters has significant security implications. The cloud is definitely here to stay, so security consultants Laura Kankaala and Nick Jones join Janne to talk about the cloud security challenges organizations are ...
Apr 06, 2021•42 min•Ep 52•Transcript available on Metacast
Phishing is the number one vector leading to data breaches. It's an easy, effective way for attackers to trick users into giving up credentials or running malicious code. While organizations cannot stop motivated attackers from trying to phish their employees, they can make it harder to succeed. F-Secure's director of consulting, Riaan Naudé, calls this building the path of most resistance. Riaan joins the show to talk about how companies can do just that by addressing the earlier stages of the...
Mar 11, 2021•36 min•Ep 51•Transcript available on Metacast
Infosec conferences give cybersecurity professionals a chance to network, hear the latest research, exchange ideas, and demo hacks and new tools. But with so many conferences, how do you decide which ones to attend? How can you get the most out of your experience? Are they worth your time and money? What's it like to be a presenter, or even an organizer? Janne speaks to Noora Hammar, head of comms for the Nordic security event Disobey and vice-chairwoman for HelSec Association; and F-Secure's ...
Feb 18, 2021•35 min•Ep 50•Transcript available on Metacast
We thought locking up data and demanding a ransom to decrypt it was bad. But ransomware criminals have stooped even lower and now, threats of public data exposure on top of multimillion-dollar ransoms are routine tactics. What's next? Where's ransomware going in 2021? Joining us to give his take is F-Secure's chief research officer and CISO MAG's Cybersecurity Person of the Year 2020, Mikko Hypponen. Also in this episode: Ransomware's evolution, why it's mainly a Windows problem, the impact of ...
Jan 19, 2021•32 min•Ep 49•Transcript available on Metacast
2020 has been a year no one predicted. COVID-19 made remote work the norm and shook up the attack landscape. Through it all, breaches and ransomware attacks continued to plague organizations. In this episode we're looking back at some of the trends that defined the cyber world in 2020 with F-Secure's Tom Van de Wiele and Nick Jones. Also in this episode: The supply chain attack on SolarWinds; update on the cyber skills shortage; 2020's effect on VPN, Zero Trust, and cloud; the 2020 US elections ...
Dec 30, 2020•36 min•Ep 48•Transcript available on Metacast
With the holiday season upon us, the already accelerated pace of online shopping is picking up even more. And more online transactions means more reasons to be careful about protecting your data from fraud like identity theft and account takeover. ID theft claims millions of victims per year, but how does it happen and how can you avoid being a victim in a world where everything's online? Olli Bliss of F-Secure joins the show with answers. Also in this episode: How attackers get your data, how t...
Dec 09, 2020•39 min•Ep 47•Transcript available on Metacast
Is iOS really more secure than Android, and why? What are the pros and cons of biometric authentication? How can you know which apps are safe to use, anyway? In this episode we dive into a range of mobile security issues. Who better to answer our questions than a couple of mobile experts? F-Secure's Ken Gannon and Ben Knutson join the show to discuss app permissions, company mobile device management, mobile hygiene tips, signs your phone's been hacked and more. Plus, is your Facebook app listeni...
Nov 12, 2020•35 min•Ep 46•Transcript available on Metacast
You know about malware, ransomware, spyware. But there's an increasing concern about stalkerware, a creepy breed of apps that allow someone else to digitally monitor you. What is stalkerware all about and how can you recognize it? Who plants it and why, and who are its victims? Joining the show are Eva Galperin, director of cyber security at the Electronic Frontier Foundation who also helped found the Coalition Against Stalkerware, and Anthony Melgarejo, threat researcher in F-Secure's Tactic...
Oct 05, 2020•25 min•Ep 45•Transcript available on Metacast
It's a year like none we've ever experienced. COVID-19's effects have reverberated around the world, and around cyberspace. What's been happening in the threat landscape while we were all preoccupied with the pandemic? How have cyber attackers adapted to the new normal, and how are they exploiting COVID-19? Christine Bejerasco and Calvin Gan, of F-Secure's Tactical Defense Unit, join us to discuss. In this episode: How threat actors are taking advantage of remote work; email and phishing threat...
Sep 17, 2020•31 min•Ep 44•Transcript available on Metacast
There is no one set path to a cybersecurity career, and today's guests have arrived in the field in very different ways. Logan Whitmire comes from a military background and Derek Stoeckenius has a degree in psychology. In this episode, they share what sparked their interest in infosec, their journey to their current roles, and how their unique backgrounds influenced the way they approach their work. Also: Tips on getting into the field, and what they might have done differently if they could go ...
Aug 24, 2020•23 min•Ep 43•Transcript available on Metacast
Encryption plays a critical role in protecting our data from hackers and theft. But at the same time, it presents a challenge for law enforcement when it comes to their work catching dangerous criminals and terrorists. What are the possible options at the end of the encryption debate, and are any of them actually viable? How can we protect our data while still enabling law enforcement to do their jobs? Erka Koivunen, CISO of F-Secure, joins us to discuss the encryption "sweet spot" that we've c...
Jul 30, 2020•30 min•Ep 42•Transcript available on Metacast
Red team testing is somewhat intrusive by nature, as it involves breaking into companies - albeit at their request - to help them improve their security. Red teamers must bluff their way past receptionists and hack into employee computers, things that would put anyone else in a lot of trouble. At what point do red teaming activities cross the line into being unethical, or even criminal? F-Secure's veteran red teamer Tom Van de Wiele stopped by to share what a red teamer is not willing to do in t...
Jun 29, 2020•35 min•Ep 41•Transcript available on Metacast
Contact tracing is a key strategy for preventing the spread of COVID-19, and smartphone-assisted contact tracing automates a laborious process. But contact tracing technologies face criticism from privacy advocates concerned about the potential for abuse. F-Secure privacy expert and global technical director Tomi Tuominen argues that the issue is a process problem, not a technology problem. Janne speaks with Tomi about contact tracing, how apps should fit into a bigger healthcare picture, and h...
May 27, 2020•27 min•Ep 40•Transcript available on Metacast
APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research. Also in this episode: How APT group...
May 06, 2020•35 min•Ep 39•Transcript available on Metacast
It's the topic on everyone's minds: The new state of our world amid and after a global pandemic. Mikko Hypponen, F-Secure's Chief Research Officer, joins Janne to discuss a host of COVID-19-related security topics. In this episode: Avoiding Zoom bombers, new concerns for IT environments, COVID-19 hoaxes and spam, ransomware and hospitals, APT activity, privacy concerns of coronavirus tracking apps, and how the infosec community can help. Links: Episode 38 transcript Webinar: Mikko Hypponen - Cy...
Apr 16, 2020•23 min•Ep 38•Transcript available on Metacast
In infosec we're used to news about digital virus infections and outbreaks. But the new coronavirus is turning the real world upside down. In many countries, it's changing the way of life for the foreseeable future, and it's already having effects in business security too. Erka Koivunen, CISO at F-Secure, joins the show to talk about the impact of this pandemic on organizations when it comes to cyber security and the shift to a remote workforce. Links: Episode 37 transcript Coronavirus Email At...
Mar 24, 2020•21 min•Ep 37•Transcript available on Metacast
2020 marks the start of a new decade. But it's also worth taking a look back at where we've come from and what has changed in infosec. F-Secure's Christine Bejerasco joins the show to review the highlights of the last ten years - from nation state malware to ransomware to Snowden and more - and to discuss how far we have, or maybe haven't, come. Links: Episode 36 transcript...
Mar 16, 2020•35 min•Ep 36•Transcript available on Metacast