Synopsis
Cyber Security Sauna brings you expert guests with sizzling insight into the latest information security trends and topics. F-Secure's Janne Kauhanen hosts the show to make sure you know all you need to about the hotter-than-ever infosec game. Join us as we sweat out the hot topics in security.
Episodes
-
055| When AI Goes Awry
23/06/2021 Duration: 35 min
AI and machine learning are shaping our online experience, from product recommendations, to customer support chatbots, to virtual assistants like Siri and Alexa. These are powerful tools for enabling business - but powerful doesn't mean perfect. F-Secure data scientist Samuel Marchal and security consultant Jason Johnson join Janne for this episode to talk about some of the security issues with machine learning and how to address them. Links: Episode 55 transcript
-
054| Ransomware Incident Response and the Role of Readiness
27/05/2021 Duration: 37 min
The fallout from a ransomware attack is every organization's worst nightmare. But it doesn't necessarily have to be, if you can respond to an attack effectively. As our guests explain, there are things companies can be doing in advance to ensure a proactive response to ransomware when it happens, and to reduce the impact to the company. Incident response experts Jordan LaRose and Matt Lawrence of F-Secure join the show to discuss. Links: Episode 54 transcript; Whitepaper - Incident Readiness: Preparing a Proactive Response to Attacks; Webinar recording - Preparing for Success in Incident Response: Stories from the Frontline
-
053| How to Secure Networks and Influence People
28/04/2021 Duration: 33 min
The role of a chief information security officer demands technical knowledge, but it also requires soft skills of leading and influencing - especially over the past year as cybersecurity has grown in visibility for companies. So how can CISOs get their security message across to boards, the business, employees and the security team? Joining Janne are two CISOs, Erka Koivunen of F-Secure and Chani Simms, co-founder and managing director of Meta Defence Labs and founder of SHe CISO Exec community, to discuss communication and the role of emotional intelligence in promoting a culture of security at every level. Links: Episode 53 transcript; Report: CISOs’ New Dawn, by F-Secure and Omnisperience
-
052| Challenges in Cloud Security
06/04/2021 Duration: 41 min
Cloud computing was one of the last decade's most transformative technologies. It helped organizations launch exciting new applications and services, as well as innovate the way they operate. However, moving critical parts of IT infrastructure and operations outside of organizations' perimeters has significant security implications. The cloud is definitely here to stay, so security consultants Laura Kankaala and Nick Jones join Janne to talk about the cloud security challenges organizations are facing and will continue to face. Links: Episode 52 transcript
-
051| Looking at Phishing Through the Intrusion Kill Chain
11/03/2021 Duration: 35 min
Phishing is the number one vector leading to data breaches. It's an easy, effective way for attackers to trick users into giving up credentials or running malicious code. While organizations cannot stop motivated attackers from trying to phish their employees, they can make it harder to succeed. F-Secure's director of consulting, Riaan Naudé, calls this building the path of most resistance. Riaan joins the show to talk about how companies can do just that by addressing the earlier stages of the intrusion kill chain. Also in this episode: The most important metric of phishing simulation, why feedback is important, and the phishing emails users fall for. Links: Episode 51 transcript; Ebook - Combating Phishing: Building the Path of Most Resistance
-
050| Getting the Most out of Infosec Conferences
18/02/2021 Duration: 34 min
Infosec conferences give cybersecurity professionals a chance to network, hear the latest research, exchange ideas, and demo hacks and new tools. But with so many conferences, how do you decide which ones to attend? How can you get the most out of your experience? Are they worth your time and money? What's it like to be a presenter, or even an organizer? Janne speaks to Noora Hammar, head of comms for the Nordic security event Disobey and vice-chairwoman for HelSec Association; and F-Secure's Tomi Tuominen, founder of the T2 infosec conference. Links: Episode 50 transcript; Ghost in the Locks: Hotel Room Keys can be Hacked
-
049| Ransomware 2.0, with Mikko Hypponen
19/01/2021 Duration: 32 min
We thought locking up data and demanding a ransom to decrypt it was bad. But ransomware criminals have stooped even lower and now, threats of public data exposure on top of multimillion-dollar ransoms are routine tactics. What's next? Where's ransomware going in 2021? Joining us to give his take is F-Secure's chief research officer and CISO MAG's Cybersecurity Person of the Year 2020, Mikko Hypponen. Also in this episode: Ransomware's evolution, why it's mainly a Windows problem, the impact of remote work, how ransomware's industrialization affects the threat landscape, and more. Links: Episode 49 transcript
-
048| The Year in Cyber: 2020
30/12/2020 Duration: 35 min
2020 has been a year no one predicted. COVID-19 made remote work the norm and shook up the attack landscape. Through it all, breaches and ransomware attacks continued to plague organizations. In this episode we're looking back at some of the trends that defined the cyber world in 2020 with F-Secure's Tom Van de Wiele and Nick Jones. Also in this episode: The supply chain attack on SolarWinds; update on the cyber skills shortage; 2020's effect on VPN, Zero Trust, and cloud; the 2020 US elections and more. Links: Episode 48 transcript
-
047| The Tangled Web of ID Theft
09/12/2020 Duration: 39 min
With the holiday season upon us, the already accelerated pace of online shopping is picking up even more. And more online transactions means more reasons to be careful about protecting your data from fraud like identity theft and account takeover. ID theft claims millions of victims per year, but how does it happen and how can you avoid being a victim in a world where everything's online? Olli Bliss of F-Secure joins the show with answers. Also in this episode: How attackers get your data, how they crack passwords and break into accounts, what's happening to your data on the dark web, the new trend in credit card fraud, and more. Links: Episode 47 transcript
-
046| 10 Burning Mobile Security Questions, Answered
12/11/2020 Duration: 34 min
Is iOS really more secure than Android, and why? What are the pros and cons of biometric authentication? How can you know which apps are safe to use, anyway? In this episode we dive into a range of mobile security issues. Who better to answer our questions than a couple of mobile experts? F-Secure's Ken Gannon and Ben Knutson join the show to discuss app permissions, company mobile device management, mobile hygiene tips, signs your phone's been hacked and more. Plus, is your Facebook app listening in on you, or not? Links: Episode 46 transcript; Ken's Samsung S20 vulnerability writeup - RCE via Samsung Galaxy Store App
-
045| The Most Frightening Thing About Stalkerware, with Eva Galperin
05/10/2020 Duration: 25 min
You know about malware, ransomware, spyware. But there's an increasing concern about stalkerware, a creepy breed of apps that allow someone else to digitally monitor you. What is stalkerware all about and how can you recognize it? Who plants it and why, and who are its victims? Joining the show are Eva Galperin, director of cyber security at the Electronic Frontier Foundation who also helped found the Coalition Against Stalkerware, and Anthony Melgarejo, threat researcher in F-Secure's Tactical Defense Unit. Links: Episode 45 transcript; Coalition Against Stalkerware; Operation Safe Escape; Electronic Frontier Foundation
-
044| 2020 in Cyber Threats, So Far: COVID-19's Effects, Ransomware's Latest Tricks
17/09/2020 Duration: 30 min
It's a year like none we've ever experienced. COVID-19's effects have reverberated around the world, and around cyberspace. What's been happening in the threat landscape while we were all preoccupied with the pandemic? How have cyber attackers adapted to the new normal, and how are they exploiting COVID-19? Christine Bejerasco and Calvin Gan, of F-Secure's Tactical Defense Unit, join us to discuss. In this episode: How threat actors are taking advantage of remote work; email and phishing threats; infostealers that profile company networks; and why a ransomware infection may be just the tip of the iceberg. Links: Episode 44 transcript; F-Secure report: Attack Landscape H1 2020
-
043| Paths to Infosec: Military Vs. Psychology
24/08/2020 Duration: 22 min
There is no one set path to a cybersecurity career, and today's guests have arrived in the field in very different ways. Logan Whitmire comes from a military background and Derek Stoeckenius has a degree in psychology. In this episode, they share what sparked their interest in infosec, their journey to their current roles, and how their unique backgrounds influenced the way they approach their work. Also: Tips on getting into the field, and what they might have done differently if they could go back. Links: Episode 43 transcript
-
042| The Encryption Debate Rages On
30/07/2020 Duration: 30 min
Encryption plays a critical role in protecting our data from hackers and theft. But at the same time, it presents a challenge for law enforcement when it comes to their work catching dangerous criminals and terrorists. What are the possible options at the end of the encryption debate, and are any of them actually viable? How can we protect our data while still enabling law enforcement to do their jobs? Erka Koivunen, CISO of F-Secure, joins us to discuss the encryption "sweet spot" that we've currently found, why some parties want to change it, and why there are no easy answers. Links: Episode 42 transcript; New York Times The Daily podcast "A Criminal Underworld of Child Abuse, Part 2"
-
041| The Ethics of Red Teaming
29/06/2020 Duration: 35 min
Red team testing is somewhat intrusive by nature, as it involves breaking into companies - albeit at their request - to help them improve their security. Red teamers must bluff their way past receptionists and hack into employee computers, things that would put anyone else in a lot of trouble. At what point do red teaming activities cross the line into being unethical, or even criminal? F-Secure's veteran red teamer Tom Van de Wiele stopped by to share what a red teamer is not willing to do in the name of security, why cyber security experts need a sense of ethics, and how red teamers and companies alike can make sure that their own ethical concerns are addressed. Links: Episode 41 transcript; The F-Secure Guide to Rainbow Teaming
-
040| Can Contact Tracing Apps Preserve Your Privacy?
27/05/2020 Duration: 27 min
Contact tracing is a key strategy for preventing the spread of COVID-19, and smartphone-assisted contact tracing automates a laborious process. But contact tracing technologies face criticism from privacy advocates concerned about the potential for abuse. F-Secure privacy expert and global technical director Tomi Tuominen argues that the issue is a process problem, not a technology problem. Janne speaks with Tomi about contact tracing, how apps should fit into a bigger healthcare picture, and how privacy-preserving contact tracing technology should work. Links: Episode 40 transcript; Tracking COVID tracing apps in different countries, MIT Technology Review; Principles for Technology-Assisted Contact Tracing, ACLU
-
039| Deconstructing the Dukes: A Researcher's Retrospective of APT29
06/05/2020 Duration: 34 min
APT29, aka Cozy Bear or the Dukes, is a cyber espionage group whose misdeeds include famously hacking into the DNC servers in the run-up to the 2016 US election. Now, as the subject of MITRE's latest ATT&CK Evaluation, the group is in focus again. The Dukes are familiar to F-Secure's Artturi Lehtio, who extensively researched them in 2015. But hindsight is 20/20, and Artturi joins the show to discuss how his views on the group have changed since his research. Also in this episode: How APT groups behave after being burned and why the Dukes are different; why calling them a single organization is too strong; and why published APT research has generally dwindled in recent years. Links: Episode 39 transcript; The Dukes: 7 Years of Russian Cyberespionage - F-Secure whitepaper; MITRE ATT&CK Evaluation: APT29; Operation Ghost - ESET; No Easy Breach by Matthew Dunwoody & Nick Carr - DerbyCon 2016; Dukes activity after their "return" in 2016 - Volexity
-
038| Mikko Hypponen on Zoom, COVID-19 Threats, and Working During a Pandemic
16/04/2020 Duration: 22 min
It's the topic on everyone's minds: The new state of our world amid and after a global pandemic. Mikko Hypponen, F-Secure's Chief Research Officer, joins Janne to discuss a host of COVID-19-related security topics. In this episode: Avoiding Zoom bombers, new concerns for IT environments, COVID-19 hoaxes and spam, ransomware and hospitals, APT activity, privacy concerns of coronavirus tracking apps, and how the infosec community can help. Links: Episode 38 transcript; Webinar: Mikko Hypponen - Cyber Security and COVID-19
-
037| COVID-19 and Your Company's Security: The CISO Speaks
24/03/2020 Duration: 21 min
In infosec we're used to news about digital virus infections and outbreaks. But the new coronavirus is turning the real world upside down. In many countries, it's changing the way of life for the foreseeable future, and it's already having effects in business security too. Erka Koivunen, CISO at F-Secure, joins the show to talk about the impact of this pandemic on organizations when it comes to cyber security and the shift to a remote workforce. Links: Episode 37 transcript; Coronavirus Email Attacks Evolving as Outbreak Spreads; Hackers are Targeting Hospitals Crippled by Coronavirus; Hackers Promise 'No More Healthcare Cyber Attacks' During COVID-19 Crisis; Protecting Employees and Systems in a Time of Pandemic
-
036| From Stuxnet to WannaCry to Coinhive, The Past Decade Was All Over The Place
16/03/2020 Duration: 35 min
2020 marks the start of a new decade. But it's also worth taking a look back at where we've come from and what has changed in infosec. F-Secure's Christine Bejerasco joins the show to review the highlights of the last ten years - from nation state malware to ransomware to Snowden and more - and to discuss how far we have, or maybe haven't, come. Links: Episode 36 transcript