We are all used to the line “Possible Spam” popping up in our inbox – the likelihood is that it will be spam but we are all forced to waste valuable seconds every time we hit Send & Receive as we check, just in case. Spam is a modern-day epidemic and thankfully there are companies whose mission it is to cure it.
And it’s not just spam, which takes its name from the acronym CAN-SPAM: Controlling the Assault of Non-Solicited Pornography And Marketing Act (2003, US). It is also the threat from worms, viruses and malware (software designed to infiltrate and wreak havoc inside computer systems). In fact, it is all Robert Morris’s fault. In 1988, this Cornell grad inadvertently launched the most famous worm (a self-replicating computer program designed to harm networks) that brought the fledgling internet to its knees.
During the same year, Finnish computer-science student Risto Siilasmaa started F-Secure. Despite Morris’s infamous boob – which cost him a $10,000 fine and inspired a new criminal subculture – F-Secure was initially founded to help companies install computer systems. By the mid-1990s, however, the group realised the potential threat that malware and similar viruses posed to all computer users and added security to its services.
Today the company is one of the largest providers of internet and computer antivirus software generating revenues of €80.7m in 2006. If you use a PC then the chances are that F-Secure will provide the security. Last November, Siilasmaa stepped down as CEO to assume the role of chairman and was replaced by fellow Finn, Kimmo Alkio. Alkio invited Monocle to the F-Secure headquarters in Helsinki to discuss his new role and the prospects for this futuristic industry.
M:Why did you return to F-Secure after your stint at Nokia?
KA: I was at Nokia for two years and I never thought I’d leave, but given the opportunity to run another company in the hi-tech sector and the higher purpose that F-Secure serves, I couldn’t turn it down. CEO handovers at publicly listed companies can be notoriously shaky, but we have managed an exceptionally smooth transition in the past six months.
M:Tell us about F-Secure’s higher purpose.
KA: It is not just to create and maintain practical antivirus or anti-malware systems for day-to-day use. Our real role is to enable society to use the open internet as safely as possible. We want to provide safe access to the internet for everyone, and in particular to those who are new to it and deserve secure access to information without getting screwed – people in less developed markets such as India.
M:So where are all these viruses, worms and spam emails coming from?
KA: I don’t think anyone can name just one market where the threats are coming from but a lot of spam writers are in the US – here there is a great deal of money to be made in spam. People in lesser-developed markets haven’t cottoned on to the money-making opportunities yet.
M:How? Who really answers spam emails?
KA: Some 80 to 90 per cent of email traffic is spam. Western European statistics show that 45 to 50 per cent of people who have received spam part with their cash as a result. That is incredible! A common cheat is the penny stock scam. Spam writers choose a stock market and fire off emails to five million addresses claiming that there is a great opportunity to buy stock that is forecast to rise to, say, 32 cents. The spam writer drives demand, people buy, it rises to 15 or 20 cents and then the writers who have bought the stock sell it off. Very clever.
M:How does antivirus software work?
KA: We have a lot of researchers with deep technical knowledge who can break out any code and use mechanisms to identify the piece of code that creates the undesired behaviour. That is the strain we use to write the cure, just like a medical vaccine. To date there are roughly 300,000-plus known pieces of malware and we have a cure for them all. Every day we write the cure against new ones. This gives us an antivirus signature database which we update to PCs and other devices as often as possible.
M:Do you create viruses to prevent them?
KA: Never. It is very important to note that we never ever write viruses. That is a key principle that we have as a company.
M:So who protects the protector?
KA: Our industry is in a unique position – we operate as a network. While anti-malware vendors like ourselves compete fiercely against each other as businesses, there is great collaboration technically. We as an industry receive virus samples from our subsidiaries, retail partners and other vendors. We also collaborate with CERTs [Computer Emergency Response Teams] that are sponsored by governments. We don’t have the authority to shut people down, but we inform the CERTs. We recently supported the Estonian government when constituents’ computers were breached by Russian attackers who had been provoked by Estonia’s removal of a Russian war memorial. Our researchers had technical insight into the problem, solved it and then shared that information with others.
M:Where do you find your researchers? Are they all ex-hackers and cyberpunks?
KA: Ha ha! No, we are represented by a broad range of nationalities. They have strong backgrounds in computer science and mathematics. Being a malware researcher is a highly valued profession and they are among the most important folks in the company. We have grown by about 100 people to roughly 540 in the past year, doubling the industry average.
KA: Two things. Mobile communications and emerging markets. People already see the need for anti-malware on their PC, but now, with the launch of 3G smartphones, we need it on our mobiles. Both phone manufacturers and operators want to prevent viruses in their hardware and on networks. Our applications already sit with the Nokia N and E series. We have been a pioneer by investing quite heavily in mobile for years.
M:And emerging markets?
KA: We in the West think that we are in a well-developed internet economy. Wrong. Only 17.8 per cent of the world’s population is online. Our most recent expansion is in Asia and typically India via our other HQ in Kuala Lumpur. If you look to India, they are projected to grow from eight million internet users this year to 20 million in 2010. Their awareness of internet security is very low; in other words, millions of PCs can be used as relay stations to unwittingly attack PCs and mobiles elsewhere around the world. It’s a scary thought, but something we are working towards preventing.
1984 - BBA degree from Texas A&M University and Executive MBA degree from Helsinki University of Technology.
1987 - Fourteen years with Digital Equipment Corporation and Compaq Computers based in Switzerland, Germany and the US.
2001 - Appointed COO, F-Secure.
2005 - Becomes vice president for Nokia’s consulting & integration business.
2006 - President and CEO of F-Secure.