In 2005, when Finish antivirus and cyber security specialist F-Secure was scouting for a hub in Asia to position itself for the anticipated growth in demand for security products in the region, it picked Malaysia. In 2014, the company believed that Malaysia remains one of the most conducive countries to invest in outside of Finland.
In an interview with Malaysian Business last month, current Asia Pacific and Japan regional director Keith Martin stresses that F-Secure has not changed its stance with regards to its investment in Malaysia.
“We continue to invest in our people here, to grow the business. The team here also does a lot with the back-office functionalities that keep our company operating smoothly globally so it’s been a very important part of our organisation, no question about that,” he says.
Asked if the change in government altered how F-Secure views Malaysia as a place for investment, he says: “I see no evidence that it should. It seems the new government is sorting out issues from the past, but I have not seen any negative impact so far. I think any time you try to make the government more responsive to the people, it’s always a good thing. Everything I’ve seen so far points in the direction I’d like it to go.”
F-Secure currently has a team of 150 working out of Malaysia to support the group’s customer care (24-hour), research and development (R&D), and back-office functionalities such as human resource and finance. Its office in Bangsar primarily supports the Asia Pacific region but also does some work for Europe.
Asia Pacific is an important and very strategic region for F-Secure, where it has been consistently generating double-digit growth and aims to continue to do so, says Martin.
On average F-Secure is growing faster in Asia Pacific than in other regions.
“From our business perspective, Asia Pacific is a less mature market compared to some of our other markets, and so it’s definitely been a high-growth region. I also see the demand for cyber security products and services just increasing in this region. It is definitely a hot market for sure,” Martin says.
Besides Malaysia, F-Secure’s key markets in this region are Japan and India, as well as Singapore now that it has an office there with its recent acquisition of MWR InfoSecurity in July. The Singapore market has been supported out of Malaysia prior to this.
It is also looking to growing in Taiwan, Vietnam, Thailand, Indonesia, Australia and New Zealand, where it has “great partners”, Martin says.
China is not a focus, he says, as F-Secure is a relatively small company and needs to pick its battles.
“We only have about 1,600 people today and 400 of those came because we acquired MWR. We would rather focus on our key markets and grow those rather than continually open new markets,” he says.
CYBER SECURITY TALENT: DEMAND OUTSTRIPPING SUPPLY
It is always hard to find good talent. For a booming industry like cyber security, the challenge is even more acute, given the global shortage.
“Cyber security only became a hot industry probably in the last four to five years. It hasn’t always been as dynamic as today. The industry changed and became very dynamic in a fairly short time. But you can’t make a security engineer in a year,” Martin shares.
How fast can you make one? It depends on what level of expertise you want, he says. “For example, we have a (top) consultant in Toyko who’s been doing this for 12 years and he’s still learning! It’s an ongoing process, with some natural progression. One needs to have had at least three to four years of experience in basic computer networking, in operating systems, before one can get on the security side. Then it’s probably a minimum of five years before you have somebody who have solid cyber security skills.”
KEEPING CARS AND AIRPLANE SYSTEMS SAFE
F-Secure has a fair bit of work in the automobile and airline industry — in keeping systems secure.
It does hardware security assessments for many of the major airlines out there. When an airline adds a new fleet of aircraft, rolls out WiFi or changes its WiFi provider, or upgrades its entertainment system, F-Secure gets called in to assess the system’s security before it is rolled out to the entire fleet.
It also assesses the security of the airline flight book now that flight books have gone digital.
In Japan, it just won an opportunity to do hardware consulting for a manufacturer of automobile car navigation system. It will perform hardware assessment of the system to ensure that it cannot be hacked before the system goes into full production.
The project, slated to start in late-September, would complete phase one by year end. The navigation system should go into cars sometime next year, says Martin.
F-Secure is also talking to that manufacturer as well as some other manufacturers on the assessment of self-driving cars, to ensure that those systems cannot be tampered with.
ENDPOINT PROTECTION
The importance of endpoint detection and response (EDR) cannot be stressed enough. However, Martin says it’s probably too early to say that every company should get an EDR as the market is still developing and smaller companies would not be willing to divert more budget to keeping their systems secure.
Asked if EDR, for which F-Secure has unsurpassed experience, would be a major growth point for the company, Martin says “I think it will, but I hesitate to say those words as F-Secure looks at cyber security as a mission rather than pure competition.”
A proper EDR system can be pricey. Rather than an all or nothing approach, F-Secure believes in helping companies prioritise and look at the things they can do with the budget they have.
“I often use this analogy: when you lock up your bike, you don’t need to have the best lock, you just need to have a better lock than the guy next to you!” Martin says.
EDUCATING STAFF TO MAKE YOUR COMPANY SAFER
“Educating your employees has huge benefit. We have teams of white hat hackers all over the world. It’s scary how easy it is for them to get your credentials with a phishing scheme. It takes a bit of research, a carefully worded email, a website that looks legit, and suddenly we have your login credentials and we didn’t have to hack!” says Martin.
And such education needs not be boring. MWR has a suite of managed phishing protection services (phishd) that makes education a game.
“It’s actually kind of fun. You see an email from your CEO, for example, and you’ll be like oh I’ve got a click! But wait a minute, why is the CEO writing to me? You learn to spot these phishing attempts and there is a sense of immediate success when you do. As it’s a game, there is also no danger if you happen to click on one of those links. It does not hurt you, but it does teach you what a phishing email looks like. It’s a quick 30-second lesson,” Martin says.
Gartner recently named F-Secure as a “Vendor to Watch” in its new Market Insight report that forecasts 25 billion connected devices by 2021, of which 15 billion will be in the connected home.
“One of the key challenges in the next few years will be to protect all these devices,” Gartner says.