As cybersecurity vendor F-Secure today announced the new name for the upcoming spin-off of its enterprise security division, now known as WithSecure, Mikko Hyppönen, the company’s longtime research director, said machine learning (ML) capabilities will be increasingly targeted as it seeks to acquire more business customers.
In particular, ML will be needed to help counter the inevitable adoption of ML by cybercriminals to automate cyberattacks, such as ransomware attacks, Hyppönen said in an interview with VentureBeat.
Hyppönen said he expects cybercrime organizations such as ransomware gangs to start using ML in this way within the next 12 to 24 months.
Currently, for cyber defenders, “our reaction is automated. Whenever there is a change on the enemy side, our systems detect it and adapt very quickly because it is ML/AI,” Hyppönen said. “So if it’s a game of ping pong, there’s a ‘ping’ coming from their side, and our ‘pong’ comes back immediately. But when they switch to automation, their reaction will also be immediate.”
And when that happens, “it turns into a massively escalating race – where both sides automatically react to what the other side is doing. That’s not what we see today at all,” he said.
Instead, today, “we have a quick reaction. They have a slow reaction,” Hyppönen said. “So it’s going to be really obvious when that happens. And it hasn’t happened yet. And I believe that will happen in the near future.”
While WithSecure plans to spin off F-Secure’s consumer security business by the end of June, AI/ML is an area where “we believe the technology we have on the WithSecure will shine – because we have automated much of our response capability,” said Hyppönen.
The company was originally founded in 1988 as Data Fellows, and Hyppönen has been with it since 1991. The Helsinki-based company was renamed F-Secure in 1999.
Now it has started the process of splitting into two publicly traded companies, with a plan for WithSecure to start trading on the Nasdaq Helsinki Stock Exchange from July 1. The consumer security side will retain the F-Secure name because it is well known as a consumer brand, especially in Europe, Hyppönen said.
The move will put more emphasis on each side of the business, especially the faster-growing enterprise security businesses, said Hyppönen, whose title at WithSecure will continue as director of research. WithSecure will have 1,400 employees and the other 300 employees will remain with F-Secure.
The company now known as WithSecure provides security consulting, managed detection and response (MDR), endpoint detection and response (EDR), incident response (IR) and other cybersecurity offerings for businesses.
“As we grew in consulting and in the MDR and EDR businesses, with bigger and bigger companies, the same brand that worked very well for home users and small businesses did not work very well for large companies,” Hyppönen mentioned. “It took a lot of explaining – ‘Yeah, it’s the same company. But we actually have all of this expertise in world-class enterprise-level security, consulting, and incident response.’”
The business-to-business side is “growing very quickly, but we’re also investing very heavily – which means it’s not very profitable at the moment,” he said.
WithSecure aims to stand out in the cybersecurity space in part because of its long track record.
“In many ways, the security sector is about trust. And I’d like to think that we’ve proven, over the past 34 years, that we’re a trustworthy partner,” Hyppönen said.
WithSecure will also stand out for its longstanding focus on AI/ML for security. F-Secure started in the ML-based security space in 2005, Hyppönen said, which is “pretty remarkable.”
This ML experience will prove essential, in terms of what comes next from the threat of cybercrime, he said.
“We’ve been waiting all these years for our enemy to catch up with us — for malware writers and online criminals to catch up with us and start using machine learning in their attacks,” Hyppönen said.
His prediction – that this will start to happen within the next 12-24 months – is based in part on new information recently released about the amount of money some ransomware gangs have managed to rack up. Chainalysis identified over $602 million in ransomware payments made in 2021 alone (although this is likely a significant underestimate). The Conti ransomware gang led the way with at least $180 million, followed by DarkSide, the group behind the Colonial Pipeline ransomware attack.
Competition for talent
“They are certainly now wealthy enough to be able to start competing for the same [ML] skills like real companies do,” said Hyppönen. “The biggest barrier to entry to doing machine learning and AI at scale – whether for criminal or forensic purposes – is finding the skills, finding the people.”
The problem cybercriminals face is that if a professional knows how to program ML systems — “if they understand how TensorFlow works” — they don’t have to embark on a life of crime, he said.
On the other hand, “some people will always go to the dark side if it’s financially tempting enough,” Hyppönen said. “And now, as these gangs make tens of millions, hundreds of millions of dollars, I think they can start to compete with legal businesses to find the skills they need and thrive in this world.”
This development could potentially accelerate the escalation of the ransomware threat even further. According to SonicWall, the total number of ransomware attacks more than doubled in 2021, jumping 105% in the year compared to 2020.
Good AI versus bad AI
While some phishing attacks have used AI/ML in the past – for example, in order to produce a deepfake of a CEO to trick employees – for the most part, cyberattacks such as phishing and ransomware attacks are still operated by humans, Hyppönen said.
This is evident from many indicators, including the fact that cybercriminals’ reaction time is not automatic at this time, he said. For example, “when we add new filters, it takes a while for them to detect it.”
ML, however, could “automatically change URLs, wrap the exploit in a different wrapper, recombine the binary – even reprogram the ransomware to evade detection,” Hyppönen said. “All of this could already be done today with automation. It’s just not done yet.”
And that’s where WithSecure comes in, with its automated systems in MDR and other solution areas, to protect business customers, he said.
“When we cross the threshold of ‘bad AI,’ the only thing that can really protect you will be good AI,” Hyppönen said.