Juhani Hintikka, President and CEO of WithSecure Corporation (formerly the enterprise business of F-Secure Corporation), is ebullient about the company’s prospects and what it can offer its customers.
“Our slogan that reflects our ambitious vision is that nobody should be subject to a breach, at least nobody that partners with us. And that has so far been the case. I think that what sets us apart from other companies in this very busy market is the approach we take. Cybersecurity problems are so complex it’s very difficult to solve them alone. So we’ve coined the term ‘co-security’; we recognise the fact that these are complex problems that require collaboration and complementing competencies where they’re missing.”
Hintikka notes that WithSecure is focused on what he calls ‘outcome-based cybersecurity’.
“Outcome-based cybersecurity is based on the philosophy that cybersecurity should not be something separate from the overall company business goals. A good example is in the manufacturing industry, maybe they measure their uptime, and that is an important metric for them. We should support that, which would mean that we make sure that uptime target is met, and there are no problems in getting there. And we look at what are the cybersecurity measures we need to do in order to do so – aligning with their business goals.”
This approach seems to have been winning hearts and minds for WithSecure since its launch last year – and more importantly, global market share.
“WithSecure is first and foremost a technology company; we’re both a products company and a services company. We have a fairly broad SaaS-based software platform, high-end security consulting services, and managed services where we manage our own platform for customers who don’t have that capacity or capability themselves. And it’s a very exciting time for us; the business is growing. If we look at the financial sector, for example, which is our maybe our primary vertical for our consulting services, we serve six out of the 10 largest banks in the world.”
With over €100 million in annual recurring revenue, WithSecure is the largest cybersecurity company in the Nordic, with over 70% of its revenues coming from the rest of Europe. It has a large presence in the United States and Japan, as well as in Singapore and now the Philippines. “Our cloud solutions portfolio has about 30% growth which we saw last year, and we should see that continue in the near future,” Hintikka says.
He acknowledges WithSecure’s legacy and heritage, having formerly been F-Secure’s business division. “We have this history of being one of the pioneers globally in the cybersecurity market. We’ve been in the business for about 30 years. We have been building on that competence over the years, and I think there’s been a lot of foresight in certain areas. For example, everybody talks about machine learning and artificial intelligence, but we’ve been investing in that for 15 years. And the fact that we have done these investments has helped us tremendously in improving our solutions and helping our customers today.”
The split of F-Secure’s consumer and business divisions was due to the company wanting to serve its customers in both organisations in a more focused manner.
“We wanted the customers to recognize the companies differently. The story’s somewhat different for consumers; on a high level we both are protecting businesses and consumers from cyberthreats and breaches, but when you go a little bit deeper, the dynamics of the market are different. It was also important that we’re able to tell a different story to the markets that better reflects the business we we’re in,” Hintikka explains.
While WithSecure’s primary proposition is more towards the upper end of the mid-market, the company has also worked with the largest companies – as well as the smallest.
“What is driving our business is the transformation our customers are undergoing in terms of moving into public cloud environments. And that is a big change from a cybersecurity perspective as well. We are helping them make that transition, and we have developed offerings to support that transition and that portfolio. Our customers have the need for more advanced cybersecurity solutions, but they don’t necessarily have the competence of their people. This leads into us complementing that with products but also, in many cases, our services people.
“One of the benefits of having cybersecurity consulting in our company is that it gives us insight as to what’s going on, because there we are serving very, very large companies who are very advanced and also they are the target for very advanced threat attacks.”
Globally, out of WithSecure’s 140,000 customers, approximately 130,000 out of these are below 50 seats. Hence, the company seeks to make its products very user friendly.
“We have automated interaction. If you’re a very, very small company, you’re welcome to work with us. We have tried to make it simple so that you can interact with us through an interface where you can place your orders and then do all the necessary interaction, rather than involve salespeople in general. We think that you can benefit from our offerings; one of the good things about our product offering is that it’s modular in nature. You can start small and then you can expand and everything works out on the same platform. You can grow and get more out of it.
WithSecure has 15 offices around the world and employs 1300 people globally. Its presence in Kuala Lumpur, Malaysia stretches back to 2005.
“I think the next opportunity in Asia will come in markets like Philippines, Malaysia, Thailand, Indonesia, and Vietnam as well. We bring enterprise grade capabilities to mid-market customers. We’re going to start seeing more and more demand and of course, when we hear about high-profile breaches or large companies talk about their challenges, that helps create the awareness which creates demand as well. So we’re getting ready to tap into that in Asia.”
WithSecure puts its own business through the cybersecurity gauntlet. “We are also a company that wants to protect our operations. We’ve taken the decision to elevate the role of the CISO to the leadership team. Our Chief Information Security Officer reports to me; she’s the global leadership team. Her mission is to safeguard us – our operations, our people, our customers – but she’s also tasked to build us into something which could be a showcase for our customers.
“Of course, there are the products and solutions, you also need to look into the into the processes; understand how the companies operate. Security should be an inbuilt thing; everything should be designed for security. That is one thing that you need to do, and the second thing is how you train your people and make them security aware. Cybersecurity is much more than just using cybersecurity tools and processes. It is about good IT hygiene, where many of the things that make companies secure are related to how you use IT. Do you have the latest updates? Do you have the patches? How much legacy IT infrastructure do you have? So you need to train the people. We require all of our people to go through training; myself included.”
Gopi Ganesalingam, Senior Vice President of Digital Exports at Malaysia Digital Economy Corporation (left in main pic, at right is WithSecure Asia-Pacific Regional Director Yong Meng Hong), applauds WithSecure having made Malaysia its regional hub.
“We welcome companies like WithSecure that have invested into Malaysia because we’ve nurtured an ecosystem that’s vibrant for cybersecurity. We’re able to see a lot of traction in the cybersecurity field, particularly in trying to address scams. I think WithSecure is a perfect example for Malaysia; a success story of how we attract global brand names to come into Malaysia and work with the local ecosystem.”
Aside from issues surrounding data sovereignty and infrastructural matters such as fibre-optics and 5G under JENDELA, MDEC has set up initiatives around talent development, particularly in terms of upskilling and reskilling.
“Cybersecurity is definitely one of those upskilling facilitations, initiatives that we have undertaken to make sure there’s enough cybersecurity personnel or talent in the market to be able to serve the FDI that is coming in, and to be able to serve the local companies are moving up together.
“Talent is of utmost importance; it’s an ongoing challenge purely because technology is moving so fast. MDEC has intervened in the modules taught in 25 universities, because technology’s moving faster than the knowledge of the professors. So we have brought in the private sector. WithSecure, if they can be a part of the programme where we can go into universities and teach the technology that WithSecure has got, that that’s very commendable for both for the university and WithSecure.”
Hintikka agreed with Ganesalingam on the matter of talent. “It’s clear there’s a shortage of talent; we have means of addressing that, and one of them is in fact collaboration with universities. We’re continuously training. We’ve seen a lot of attrition. And I think the attrition rates have been fairly high in the cybersecurity industry, especially in consulting services. People don’t recognize that our people kind of go to war when they open their computer and start looking for threats and monitoring suspicious activity and things like that. It can be stressful.
“On the positive side, many people join this industry or companies that they feel that they’re doing something good that there is a real purpose in their work. It’s not only about the compensation and things like that, but there’s also something which is more than that, and at least according to our own internal surveys, that’s a big driver for people to stay at our company,” concludes Hintikka.
