Turn back the clock 30 years and the major vector by which malicious software spread was the 3.5 “ floppy drive. And floppy disks were also probably how you received updates to the list of programs your anti-virus software could detect. These days, things are different. Sure, your computers are Internet connected and get their virus updates – many times a day – via the Internet as well. But the population of threats has also grown, exponentially, along with the population of Internet users. In the intervening decades, there have been wave after wave of computer born menaces: from early, polymorphic worms like Anna Kournikova and I Love You, to globe spanning threats like SQL Slammer and Blaster, to state sponsored wipers like NotPetya and WannaCry.
In 2022, with ransomware now the dominant form of malicious software and the growing specter of software supply chain attacks, we may soon witness the demise of old school viruses and worms in favor of more targeted threats.
Beware: the Internet of Dumb Things!
And then there’s the Internet of Things – that global network of connected “stuff” – from home broadband routers to doorbells, lightbulbs, home appliances, cars and medical equipment. As more and more of our physical world obtains an IP address, our societies are becoming more and more reliant on Internet connectivity to power not just “smart” devices like cars and medical devices, but lots of dumb ones too: toasters, kitchen mixers and more.
In the long term, says our next guest, that could add up to a big problem, as manufacturers add connectivity, but don’t invest in strong security for devices – largely because their customers will not pay for the added connectivity, discouraging manufacturers from investing in it as well.
Malicious Software: A Thirty Year Menace
And he should know. Mikko Hypponen has been on the front lines of the battle against malware for more than 25 years. For much of that time, he was the Chief Research Officer at F-Secure. a Finnish anti malware firm where he has worked since 1991. More recently he has taken on the CRO role at WithSecure, a spin-out of F-Secure focused on enterprise security and consulting. And he’s the author of a new book, If it’s Smart it’s Vulnerable, which provides a whirlwind tour of the cybersecurity space over the past 30 years, while also making the case for greater cybersecurity investment going forward.
I met up with Mikko on the sidelines of the DEF CON convference in Las Vegas. In this talk, we discuss his long tenure as a cybersecurity expert, his new book as well as what lies aheads for both companies and consumers.
Mikko Hyponnen is the Chief Resource Officer at With Secure and the author of the new book IF its Smart Its Vulnerable. Available on Amazon.com.
Listen to the podcast using the player, above. Or click the button below to download the MP3!