Tag: infosec

Digital natives are not cybersecurity natives

Digital natives are not cybersecurity natives

At TurkuSec meetup in April, I had the opportunity to share my insights on a pressing issue we’ve been researching lately at F-Secure: the cybersecurity challenges faced by digital natives. These are individuals who have grown up with fast internet and personal screens, making them uniquely vulnerable to online threats. Our research highlights some concerning trends among young adults aged 18-24:

  • 45% of 18-24-year-olds have fallen victim of cybercrime in the past 12 months
  • 45% of 18-24-year-olds have encountered scams at least weekly in the past 12 months

Understanding the risks

The online world presents numerous risks for digital natives, including:

  • Social media scams: phishing attacks and fraudulent profiles that trick users into divulging personal information or sending money.
  • Gaming platform vulnerabilities: in-game scams, account hacks, and data breaches that expose personal and financial information.
  • Educational system vulnerabilities: compromised online learning platforms that can lead to data theft and privacy violations.

In my talk, I emphasized the necessity of cybersecurity education tailored specifically for digital natives. This education should focus not only on the dangers but also on empowering young people to navigate the digital world securely and confidently.

For those who missed the talk or want to explore the topic further, I’ve uploaded the full presentation, including slides, on X (adblockers might hide the embedded video, but you can see it by opening the X post in a new tab). Timestamps below 👇

Master Your Passwords

Master Your Passwords

Originally written for F-Secured – Your complete guide to online security in 2023.
Republished here with permission.

On a weekly basis you’re likely using around 10 different accounts, but did you know that on average each of us already has close to 100 online accounts? Most of us can’t even name all the sites we’ve been creating accounts for – think about all the webstores you’ve made a single purchase from, or perhaps those mobile apps that force an account creation in order to function. Now, if we don’t even remember all the services we’ve signed up for, how could we remember all the required passwords?

Continue reading “Master Your Passwords”

Everyman’s Cyber Defence

Everyman’s Cyber Defence

The following is my translation of “Jokamiehen kyberpuolustus”, Everyman’s Cyber Defence, a short snippet from publicly available document #kyberpuolustus : kyberkäsikirja Puolustusvoimien henkilöstölle (2019) by Laari, Flyktman, Härmä, Timonen and Tuovinen. Source material is encrypted in Finnish and free to download from National Defence University of Finland’s website. I intend no copyright infringement and share this as cyber security awareness material for public interest.

Continue reading “Everyman’s Cyber Defence”

What is Ransomware 3.0?

What is Ransomware 3.0?

I believe there’s a pretty clear consensus within the industry that ransomware should not be mistaken anymore to limit itself to just encrypting files and demanding payment for a decryption key. Dubbed by F-Secure “Ransomware 2.0”, now the standard practice for ransomware groups includes also stealing files from the target company in order to increase the leverage for ransom. Proper backups are an antidote to encrypted files but won’t help against the threat of stolen data being leaked.

Although this double extortion scheme has been the new modus operandi only since late 2019, cyber criminals are already looking for additional ways to apply pressure to their victims. This is where Ransomware 3.0 comes in.

Continue reading “What is Ransomware 3.0?”

Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure

Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure

Recently I was invited to KOVA Esports podcast to talk about cyber security, online privacy and identity management from the perspective of gamers and gaming industry in general. Hosted by KOVA’s General Manager Timo Tarvainen and joined by their streamer Teemu “Spamned” Rissanen, we had a great one-hour long discussion. This post covers my own notes about the things we mentioned, source links included, and further expands on some of the topics. Links to the podcast episode can be found on the bottom of the page. Enjoy!

Continue reading “Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure”

I Have Been Pwned… Five Freaking Times and Counting!

I Have Been Pwned… Five Freaking Times and Counting!

When I started drafting this blog post a while back, the title was “I Have Been Pwned Twice Already”. That number has since risen to five, and I’m assuming it will continue to rise as old breaches come to light and some long forgotten accounts get popped. So far, no immediate harm has been caused to me from these breaches, and I’ll contribute that silver lining to the reactive and since then proactive steps I’ve taken to ensure that’s the case now and in the future. This is how also you can harden your online presence against these (inevitable) breaches.

Continue reading “I Have Been Pwned… Five Freaking Times and Counting!”

10 OPSEC Tips That Everyone Should Follow

10 OPSEC Tips That Everyone Should Follow

Following in the footsteps of two great guides, “10 Commandments for a Safer Internet” and “0x0A Hack Commandments”, I was inspired to give something back to the community. For the average Joe, operational security – or OPSEC for short – is basically just about risk management through identifying specific pieces of information requiring protection, and employing measures to protect them. Sounds intimidating? Don’t worry, because you’re already doing it.

Continue reading “10 OPSEC Tips That Everyone Should Follow”

Brief Recap of This Year’s MCSI Results – With an Infographic!

Brief Recap of This Year’s MCSI Results – With an Infographic!

Yesterday was the international Safer Internet Day, and also the day that second annual Microsoft Computing Safety Index’s results were published. Research was done globally on a massive scale; over 10,000 PC, smartphone and tablet users in 20 countries and regions were surveyed. The results? Outright troubling.

Continue reading “Brief Recap of This Year’s MCSI Results – With an Infographic!”

Cyber Safe Holidays!

Cyber Safe Holidays!

Holidays have been even more exciting than usual here in Finland, but not in a good way. Apparently cyber criminals aren’t aware of the concept of Christmas peace, and multiple cyber attacks have taken place against some major Finnish websites and servers. During 20.-21.12., several Finnish Joomla-servers had been DDoS-attacked and infected with Brobot-malware. Then between 25.-27.12., at least the websites of Helsingin Sanomat, Iltasanomat, Iltalehti, MTV3, Nelonen and Yle were also under DDoS-attacks. For Finns, I highly recommend following CERT-FI in Twitter – they’re The National Computer Security Incident Response Team of Finland, and give all the official information about cyber attacks, and useful security tips too.

Continue reading “Cyber Safe Holidays!”