Interview: F-Secure’s Mikko Hyppönen on IoT, AI in Cybersec and Privacy

By Gabriela Vatu / November 17, 2018

He's a security expert for one of the world's biggest security companies, has a security law named after him and has been helping fight the good fight against security threats for close to three decades - Mikko Hyppönen.

The Chief Research Officer at F-Secure, Mikko Hyppönen has done a lot in his career to be proud of, he's a TED speaker, and a well-known attendee of cybersec conferences where he talks about cybersecurity, the dangers we all face, the experiences he's lived through and, of course, the Hyppönen law. The law says that "when an appliance is described as being 'smart', it's vulnerable,' which is so true, given all the news we have every day about various hacked smart appliances.

The cybersec expert was kind enough to offer TechNadu's Gabriela Vatu a quick interview and we're going to leave you to read it on your own.

TechNadu: We were discussing last year [editor's note: Gabriela and Mikko met during the 2017 ITBN conference in Budapest] that AI will become even more present in Cybersec - how have things evolved in this regard in the past year for F-Secure?

Mikko Hyppönen: Machine learning has become a crucial part of infosec. Most new security technologies rely on machine learning systems to separate important things from non-important things. We use machine learning extensively in our back-end systems.

The good news is, we're not seeing the attackers using machine learning. Not yet. One day they will become so accessible that any idiot will be able to use them. That's when we'll start seeing real attacks with machine learning capabilities.

TechNadu: The Hypponen Law says that if a device is connected to the Internet, it's vulnerable - Is there any type of IoT device that you refuse to bring into your home to protect your privacy?

Mikko Hyppönen: We can try to keep IoT devices out of houses, but we will fail. Today, it might still be doable. But we're getting closer and closer to times when even stupid, traditional devices will be calling home to their manufacturers to report stats and analytics. And very soon, they will be going online with 5G and other similar protocols, meaning that we won't be able to block them from accessing the internet even if we'd try to.

TechNadu: Let's say you're a consumer who really, really wants to automize their home, to bring in a lot of IoT appliances and so on. What do you need to do to stay safe from attacks? What should you look for?

Mikko Hyppönen: Put your IoT devices in a separate network segment. Do not allow any connectivity from the IoT segment to your production network. Keep their firmware up-to-date. Change the default credentials. Read the manuals.

TechNadu: You've been in the cybersec industry for a long time - what's one of the things you're most proud of in your career?

Mikko Hyppönen: I've been fortunate in my career, as I've had a chance to mentor young people and then watch them grow to be successful members of the infosec community. That always feels good. And we have to remember: we are the good guys, trying to fight the bad guys. That feels good too.

TechNadu: What do you do to protect your privacy online?

Mikko Hyppönen: One practical tip I have is how to avoid 'doxing'. Doxing attacks are cases where an attacker exposes your online identity, revealing your messages and so on. One way to fight this is to compartmentalize your online life. Another one is to simply have nothing to dox. For example, many users would be mortified if their Reddit username would be linked to their real-world identity, revealing all the things they've posted to Reddit over the years. Well, my Reddit username is 'mikkohypponen'. It's already tied to my real-world identity. There's nothing to dox. It also means that I can't post any random thing to Reddit, because it's all under my real name. But maybe that's good.

TechNadu: Do you believe that the option to actually pay with money rather than data for using Google, Facebook, Twitter and whatever other services is something that will actually happen in the future?

Mikko Hyppönen: Google already offers an option for me to pay for Youtube (10 euro per month). I've always said that I'd prefer to pay for Google's great services with money instead of data. However, I am not paying for Youtube even they now have that option. Why? Because even if I'd pay, they'd still track me and build a profile of me. It's like a highway robber who wouldn't ask you for your money or your life - but your money AND your life.

Do you agree with Mikko or do you have a different view on things? Would you pay for Google if you could keep your privacy? Let us know what think in the comments section below, and please share the interview online so others can find it. Visit TechNadu on Facebook or Twitter

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: