Archives for July 2020

“A seismic shift to digital independence is gaining momentum”

Cyberwatch Finland, CEO, Aapo Cederberg interviewed Harri Sundvik, Executive Chairman for Helsinki and London based cyber security company XXLSEC Oy, in early June. Harri had just returned from London to spend a few summer weeks in Helsinki. Highlights of their discussion are summarised below.

AC: Tell me a few words about your background.

HS: My roots are in Northern Finland, City of Raahe, which was once voted as the “most boring city” in Finland. Post my school years I studied in Helsinki and in London. An interview in the City of London in 1988 by JPMorgan led me to a 30 year banking career – where I have spent most of my years in investment banking work, advising Nordic companies in mergers and acquisitions and equity capital raising, most of this in technology related deals. Post front line banking I have assumed a few Board roles and started advising technology start ups in their strategy initiatives and capital raising.

AC: How did cyber security come to the picture?

HS: The first deeper engagement came though my advisory work for Nokia, which back in 2000 decided to build their new enterprise strategy around key acquisitions and partnerships with security companies. A few years later I gained a new perspective to the same topic as I became member of the European Leadership Team for Bank of America Merrill Lynch. Among the memorable highlights were management meetings where the the Bank’s almighty CTO submitted proposals for cybersecurity investments worth millions of Dollars …and every single time the vote was a resounding “Yes”…in all honesty, we simply did not know better, and would not dare to stop any plans that the technology gurus were promoting.

The latest and definitely the most interesting step came my way just a couple of years ago when my long term friend Simo Salminen introduced me to the newly established XXLSEC team, and I was given the opportunity to join the team in the early stages of the Company’s development and global sales effort.

AC: Let’s talk about XXLSEC – what makes you different in the sector?

HS: As one of the forerunners to break new ground, XXLSEC has adopted the so called “Zero Trust” model as the key building block for all development work from the very beginning. At high level, the fundamental assumption – increasingly appropriate for this day and age – is that when you are faced with technologies, your complete your own Due Diligent before you assume that the presented technology or application can be trusted. This is a huge shift in the technology world where so much has been taken “at face value” especially when presented by any of the “Big Tech” names. This Zero Trust positioning is now gaining increasing momentum on global basis, strongly endorsed by Governments and leading enterprises.

As an extension of the Zero Trust philosophy, XXLSEC has introduced a product platform which is built on the principles of Clean Hardware and Clean Software. Again, XXLSEC has been one of the leaders in implementing this important concept for modern communication platforms. The Data Rain solution, and the just released Prive TX device, are shining examples of the work by the XXLSEC team. And there is more to come for sure.

AC: What are your perspectives on cybersecurity in today’s world given your London perspective and your global contacts. What is new when you look at the big picture?

HS: Fascinating time indeed, a couple of things that I would highlight in particular. One of the big picture themes at global and country level is that of Digital Independence and Digital Sovereignty. This stems partly from the current geopolitical climate. We have seen the news about China and Russia building their own internet. Equally, the leading EU countries have raised the need for Digital platforms which are not controlled by the powers in the West or in the East. Germany and France are making very strong public statements on this matter – and are prepared to back them up with significant financial commitments. This is worth watching very closely as it has implications at multiple levels.

This drive for Independence has attracted new focus on integrity.  This is where Zero Trust gets another expression. It is  clear that in the new world trust cannot be assumed – it has to be earned every day. And a certain degree of independence is absolutely necessary to be able to “walk the talk” with integrity. This independence is not going to be free for all – a strategic and financial commitment is needed to reach this ambition.

AC: Lets move this discussion to a lower level – what is happening in the corporate world from cyber perspective?

HS: As you have seen in the corporate headlines, the traditional “Big Tech” names are “playing defence”. Their earlier dominant market position has been restricted by the competition regulations and new practices. But, most interestingly for us,  the introduction of Zero Trust is challenging the market positions even further. Small and nimble technologies with true transparency will evolve at record speed. This is, in fact; a significant positive opportunity to build competitive edge.

AC: You mentioned that cybersecurity is gaining ground in the modern Sustainability Agenda – what do you mean by that?

HS: Interestingly, cybersecurity has moved to the very top of the Sustainability Agenda with two fundamental drivers.

Firstly, appropriate cybersecurity practices and investments are de facto seen as important elements in any Company’s “license to operate”. The writing on the wall is very simple: If you have not proactively invested in your cyber security platform, and ensured, among other things, that your processes and client data is covered, you simply do not have the credentials to run your business.

The second dimension stems from the now ongoing shift of working practices where we are facing a new cyber security challenge at the every day working level. People have moved their work stations to their homes – but the cyber security front line fire-wall is still in the office! This is the ultimate “Left Behind” horror story for pretty much all corporate CTOs and CIOs. There will be a few movies and books around in a year or so simply telling the sad story of rather dramatic cyber interventions which were masterfully executed at this extraordinary time.

The increased focus on cybersecurity, and some recent high profile “accidents”, have led to another shift in mindsets and relevant strategies. In the old world the highest level of security used to be the privilege of just a handful of people or some top secret Government or military entities. In the present and new word the scope of “critical infrastructure” has increased dramatically – and the amount of people  and organizational entities requiring the highest level of security, has increased dramatically.

AC: We discussed the overriding technology shift to the Cloud – any view on this you want to share from cyber perspective?

HS: There is a real “headache” in the corporate world in the ongoing movement to use the Cloud to store and process important data. Sadly the trust and security considerations in this move have been kept in the “back-seat” all too long. The good news is that there are advanced technology solutions emerging to tackle this challenge. In particular the latest MPP/MPC based technologies are a significant step forward to create an advanced security level.  Some industries will lead the way – we will soon see multiple healthcare related applications – people have been all too trusting in this respect…

AC: I take it that living in London, you have been following the UK Government / Huawei discussion very closely. Any perspectives you may want to share – what is going to happen?

HS: This is happening as we speak, so a very tough call to make. As you remember Boris Johnson’s Government actually approved last year a limited non-core role for Huawei in the build out of the new 5G networks. Post this decision, the critical views on the decision have become stronger. The Special Committee which was asked to review the matter, is expected to come up with a new ruling sometime in June – July. It would not be a surprise to see the Johnson government tightening their ruling even further – if not blocking the Huawei access to the 5G UK market altogether.

AC: You shared a great summer picture from your north London home surroundings in Hampstead with a familiar looking red phone boot. Is there more to this romantic London picture than what meets the eye?

HS: I knew you would love the setting! But in all seriousness, this actually sumps up our conversation. As you know the British are the best in the world of sticking to things which have been “tried and tested” over the years – the red phone boot is the ultimate proxy for a comfort toy in cybersecurity: you might be tempted to thing that the old was good. But there must be a reason why these phone boots have pretty much disappeared from the face of the earth. The front line has shifted – it is time to move on – and fast!

Mr. Harri Sundvik, Executive Chairman for cybersecurity company XXLSEC Oy https://xxlsec.com/

Read the latest Cyberwatch Finland magazine

We’re on social media and we’d love you to give us a follow! You can catch us on LinkedIn and Twitter by using hashtags #cyberwatchFI #CyberCatchFI

Cyber Summer Catch 2020 event

Cyberwatch Finland collaboration with Monti Stampa Furrer & Partners AG had the great pleasure inviting you to the Cyber Summer Catch 2020 event, which took place on 28th of July 2020. The Cyber Summer Catch 2020 event brought together internationally recognized cyber security experts and professionals to exchange and share their experiences and thoughts about today’s most interesting topics

Thanks a million to all our guests, amazing speakers and the team behind the scenes – What a great Day! 

Did You miss the event? Don´t worry, the recording of the event is ready and waiting all of you.

In security matters, including cyber security, is always about the values and culture as well as trust we all are looking for.

Shaping a cyber culture requires perseverance, a willingness to make an impact and to improve our knowledge, learning and leadership.

Cyber ​​hygiene arises from small, very simple steps, but they also require skill and common sense.

 Want to download the presentations of the day?

You can send us questions at any time by filling out the contact us form

 

THE PROGRAM WAS

13.00 – 13.05 Mr. Tomi Kaukinen: An overview of the event

13.05 – 13.15 Opening remarks: A Comprehensive approach to cyber security – Aapo Cederberg, CEO, Cyberwatch Finland

13:15 – 13:35 How to create Cyber culture? – Rami Efrati, Managing partner of MFSPartners Innovations

13:35 – 13:45 Comments and discussion, moderated by Tomi Kaukinen – Panelists – Cederberg, Sundvik, Monti, Pahlman and Kenttälä

13:45 – 14:15 The role of OT-security in building Cyber culture – Franco Monti, Senior Partner, MSF Partners

Case Study – Going the Extra Mile in OT Protection – From Ambition to Hard Work

The threat landscape for critical infrastructure in the utility sector has worsened this year with ransom attacks happening in OT and COVID-19 creating confusion and obstacles in daily operations. The case study presented is about a large utility company which started three years ago implementing consequently OT Monitoring and Vulnerability Management in its substations and generation facilities. After protecting its hydro and nuclear facilities they started to tackle more complex areas such as assessing and protecting its Smart Metering IIOT infrastructure, Wind and District Heating. Our client was the first utility company in Switzerland who went beyond standard OT monitoring towards far more complex facilities inside OT such as IIOT. Participants will get an introduction about their challenges and achievements during these activities.

14:15 – 14:30 Comments and discussion, moderated by Tomi Kaukinen – Panelists – Cederberg, Sundvik, Efrati, Pahlman and Kenttälä

14:30 – 14:50 Cyber hygiene, practical steps? – Jani Kenttälä, CEO, Badrap Oy

14:50 – 15:10 Digital independence and zero trust is gaining momentum – Country, Corporate and Individual level perspectives – Harri Sundvik, Executive Chairman, XXLSEC Oy

15:10 – 15:30 Comments and moderator´s findings Aapo, Franco, Rami, Harri, Sauli, Jani and Tomi discuss the topics of the day

15:30 – 15:40 Closing remarks – Aapo Cederberg, CEO, Cyberwatch Finland

The event was moderated by Tomi Kaukinen

SPEAKERS

Mr. Aapo Cederberg, CEO and Founder of Cyberwatch Finland

Aapo Cederberg is an experienced cyber security strategist and analyst. Aapo have a unique strategic-level international expertise and understanding of Hybrid threats. Aapo really understands the complexity of the cyber world and hybrid warfare as well as having comprehensive strategic management skills and experiences. He has also extensive first-hand knowledge of the military defense. He is one of the authors of the first Finnish Cyber Security Strategy.

Aapo is a founder of Cyberwatch Finland with a firm focus on helping decision- makers to establish a holistic cyber strategy, to build situational awareness, and take the necessary steps to ensure cyber resilience.

Mr. Rami Efrati, Managing partner of MFSPartners Innovations, Former Head of the Civilian Division, Israel National Cyber Bureau, Prime Minister´s Office

Rami Efrati has served in the Israel Defense Forces for more than twenty-eight years. He commanded numerous prestigious operational and technological positions in Military Intelligence and received the Creative Thinking Award from the Director of Military Intelligence. Mr. Rami Efrati, is an expert in Cyber Strategic Methods and has many years of experience in anti-terrorism and Intelligence technology. Mr. Efrati is one of the founding members and former Head the Civilian Division of the Israel National Cyber Bureau in the Prime Minister´s Office. In this capacity, he raised Israel to a leading position in the civilian aspects of global cyber-security, brought multinational companies to open cyber R&D centers in Israel. Mr. Efrati has leveraged the existential cyber-threat to Israel, into a unique business opportunity encouraging the development of a large cyber ecosystem supporting hundreds of new cyber related startups.

Mr. Efrati is currently involved in international level strategic projects for cybersecurity and innovation. He is a managing partner of MFSPartners Innovations.

Mr. Franco Monti, Senior Partner, co-owner and co-founder of MSFPartners

Franco Monti is co-owner and co-founder of MSFPartners, a Swiss cyber security boutique with offices in Switzerland and Dubai. He can draw on many years of experience in protection for critical infrastructures (IT & OT/ICS). Over this period, he has accumulated a wealth of expertise in developing cyber security strategies and drawing up complex cyber security programmes. He takes responsibility for Swiss and international projects that focus on setting up security operations centres, introducing incident management and protecting IT and OT infrastructures. Franco has graduated in engineering at the Swiss Federal Institute of Technology (ETH) and in business administration at the University of St. Gallen (HSG).

Mr. Jani Kenttälä, CEO, Badrap Oy

Jani Kenttälä Jani is a security researcher who evolved into a serial entrepreneur, today he has 21 years of experience from building security and trust. Those years have made him a strong proponent of cyber hygiene. His journey in security started 1999 at a security research group called OUSPG. In 2006 he co-founded a spin-off startup called Clarified Networks, which was later acquired by Codenomicon. When Jani worked with national CERT teams and critical infrastructure providers to improve civilian cyber defence, he saw how regular people and smaller companies also need a lot of help. Instead of falling into despair, he co-founded Badrap to democratise security information sharing.

Badrap is a new type of web service that teaches people to think and behave differently online. It explains people their past data leaks and engages them as protectors of their friends and family. Companies use Badrap for protecting their employees, as well as their cloud assets.

Mr. Harri Sundvik, Executive Chairman for cybersecurity company XXLSEC Oy

Harri Sundvik, a Finnish and British national, has lived in London since 1987.  Harri worked for JPMorgan investment Bank in London 1988 – 2006 as Managing Director and Co-Head of Nordic Investment Banking Team; and thereafter for Bank of America Merrill Lynch in 2006 – 2016 as Head of Nordic Investment Banking and Vice-Chairman for Global Investment Banking. Harri focussed on Mergers and Acquisitions and Capital raising in his investment banking years, with most of his transactions in the technology sector. Harri is currently Board member and advisor for multiple technology companies in the Nordic region and in the UK. Among others, Harri serves as Executive Chairman for cybersecurity company XXLSEC Oy.

XXLSEC Oy is a Finland based cybersecurity technology development company, which has focussed on developing secure communication platforms and solutions for multiple use domains, starting with critical infrastructure at the most demanding level, secure private networks and sophisticated communication devices. Taking “zero trust” philosophy as the foundational cornerstone, XXLSEC has introduced a number of innovative solutions to meet the requirement for secure communication of the increasingly complex world of 24/7 communication.

Sauli Pahlman, Head Of Business Development at National Cyber Security Centre FI

Sauli Pahlman is a director at the Finnish National Cyber Security Centre. Before his leadership positions he specialized in several tech-intensive areas of cyber security, such as reverse engineering, software development, OT/IT operations, data analytics and cyber security evaluations of cryptographic products. He still occasionally tinkers with software and hardware to understand what makes them tick. At NCSC-FI he leverages his cyber-risk, innovation management and cyber security experience to provide direction for the NCSC-FI’s forward-looking activities as well as the project management office. In addition to her work at NCSC-FI, he serves as an advisor for Cyblem, a provider for national cyber capability ramp up projects for large corporations, nations and cooperatives.


We think cyber.
We talk business.
We provide security.

Read more about Monti Stampa Furrer

Stay tuned!

We’re on social media and we’d love you to give us a follow! You can catch us on LinkedIn and Twitter by using hashtags #cyberwatchFI #CyberCatchFI

As a guest of CyberCatch – Rami Efrati

At the beginning of the year we had the honor of having Rami as our guest to share his thoughts about the future and what changes are required in our rapidly digitalizing environment.

 

Rami Efrati; Former Head of the Civilian Division, Israel National Cyber Bureau, Prime Minister’s Office and
Aapo Cederberg CEO and Founder at Cyberwatch Finland

Last January Rami Efrati and Aapo Cederberg were keynote speakers at the Salo Cyber Talks event. Rami was talking about the Worldwide Cybersecurity Challenges in Cities ( in English) and Aapo How to build a cyber safe city (in Finnish)

Salo Cyber Talks Day One

Sorry Folks! The language of the event was mainly Finnish

Cyberwatch Finland Q2 magazine – A Passion for a Cyber Safe World

Q2 ended a few days ago in slightly windy conditions, various storm warnings have also been issued for the summer and we are following the development with interest.

Knowledge, education, digital sovereignty, leadership, the importance of digitalisation, Europe’s ability to meet the challenges of cyber security and the EU’s common goals were the main topics of discussion in the second quarter, and around these main themes we have built an interesting reading package for you.

“ While resilience has become a buzzword in Brussels in the aftermath of Covid-19, cybersecurity has not yet gained the prominence it deserves. Ideally, it would go hand-in-hand with the EU digital upskilling agenda, as an integral part of it ” wrote Henna Virkkunen and Aapo Cederberg in his editorial “ Digital independence means change in the way we think and operate at all levels. “

Thanks a Million to all the Amazing Authors!

These and many other topics are covered in our latest magazine: Why Skills Matter – The Future of the Cybersecurity Industry is Based on Skills, Knowledge and Education; Cyber Insurance; Biometric recognition is shaping our world towards mass surveillance; Safeguarding the Nation’s Critical National Information Infrastructure

Have a Good Read!

#CyberCatchFI Harri Sundvik, XXLSEC & Aapo Cederberg https://youtu.be/Gb0OgdUa6Nw

#CyberCatchFI Pasi Eronen & Aapo Cederberg Jeff Bezos case and Big Game Hunting https://youtu.be/YKQh8sJbf6c

#CyberCatchFI Timo Rinne & Kim Waltzer Country Analysis China https://youtu.be/DqPWidsPY2c

#CyberCatchFI Timo Rinne & Kim Waltzer Ransomware Kiristyshaittaohjelmat https://youtu.be/PANTeE4x9LI

#CyberCatchFI Timo Rinne & Kirsi Toppari – Talousrikollisuus siirtyy verkkoon https://youtu.be/_eRxh0eqnWc





We wish you a safe and happy summer time!

Cyberwatch Finland team

We’re on social media and we’d love you to give us a follow! You can catch us on LinkedIn and Twitter by using hashtags #cyberwatchFI #CyberCatchFI