Mikko Hyppönen, a globally recognized cybersecurity expert, has recently announced his transition from his role as Chief Research Officer at WithSecure to join the Finnish anti-drone technology company Sensofusion, effective this August. With over 30 years of experience in the cybersecurity field, Hyppönen is recognized worldwide for his insightful talks, writings, and perspectives on digital security. In 2022, Hyppönen joined LOUHE as an advisor and angel investor. Having known LOUHE’s founder, Jukka Laakso, for more than two decades, their collaboration began naturally. Hyppönen sees LOUHE as operating in a rapidly growing market, one where very few are capable of offering truly holistic solutions.
We sat down with Hyppönen to discuss the future of cyber-physical security and how organizations should prepare for emerging threats and opportunities.
From Separate Domains to Unified Security
“Security is security. There’s no sense in treating cybersecurity and physical security as separate silos,” Hyppönen states decisively at the outset.
According to him, many organizations have already established solid cybersecurity practices, but the integration between physical and digital security is still in its infancy.
“The situation reminds me of the 1990s, when IT and telecommunications departments operated separately. Eventually, we realized everything was connected through data networks, and merging them was the only logical step. The same is happening now in the field of security.”
Combining the two is not only logical, it’s essential. Compatibility between systems allows for better visibility, which Hyppönen sees as the foundation of all protection: “You can’t protect what you can’t see or don’t know exists.”
Visibility First
The biggest challenge organizations face, Hyppönen says, is the lack of visibility. Before you can protect anything, you need to know what exactly needs protecting, whether it’s a factory, a database, an office, or a server room. Once there’s a clear picture of what “normal” looks like, it becomes easier to detect anomalies.
“You don’t have to identify evil, just the unusual. If an employee is in a building that they usually never visit, at 3 a.m., that might signal a security issue.”
Future Threats – and How to Respond
Hyppönen believes the future will bring more cyberattacks with physical consequences. For example, ransomware attacks can halt production in manufacturing facilities, causing downtime that may cost more than the ransom itself.
“We already understand risks like fire or flooding as part of risk management, but now we’re facing a new kind of attacker, one that tries to break in every day. Cyberthreats are constant and active.”
Artificial intelligence will also play a key role in tomorrow’s security landscape. AI can be used to learn patterns of normal activity and flag deviations. Hyppönen calls AI the most significant technological revolution since the rise of the internet.
Responsibility Starts at the Top
Cyber-physical security is not just an IT issue—it’s a matter for executive leadership.
“If there’s no technological understanding in the boardroom, this topic often gets overlooked. Leaders need to know how to ask the right questions, and you don’t need an engineering degree for that.”
For companies just beginning to integrate physical and cybersecurity, Hyppönen sees one critical first step: inventory what needs protecting, and ensuring visibility. Airports, he notes, are a good example: there’s already a wealth of data being collected, but it’s not yet fully utilized to detect anomalies.
LOUHE’s Role: Bridging Expertise and Technology
As Hyppönen states, building robust security solutions is not the core business of most organizations.
“LOUHE is among the world’s leading experts in this field. Clearly, a traditional industrial company shouldn’t be developing its own security system from scratch.”
LOUHE’s mission is to bridge the old and the new, to help companies adopt solutions that seamlessly integrate physical and digital security.
The Future of Security
When we asked Hyppönen for a bold prediction about the future, he didn’t hesitate:
“A major disaster is coming, an attack where the physical world is harmed through cyber means. Only then will many begin to take these threats seriously.”
One of the most important takeaways for organizations?
“We don’t have dumb users. We have dumb systems. Security should never be the end user’s responsibility.”
Still, despite these looming threats, Hyppönen’s outlook remains optimistic:
“We’ve made enormous strides over the past decade. We’re building more secure systems every day, and we’re moving in the right direction.”
