Camellia Chan, CEO of Flexxon: “‘Generative AI is a goldmine for cybercriminals”
If you want to better understand how dynamic the cybersecurity industry is, simply read through our interview with Camellia Chan, CEO of Flexxon. This is an AI hardware security company that won the prestigious WIPO Global Award in 2023 and is growing almost as quickly as AI-based security threats, having recently expanded into the USA.
“Generative AI is a goldmine for cybercriminals,” Camellia tells us. “It lowers the bar so that they no longer need to be experts in coding, or wordsmiths who can produce authentic-looking phishing emails or texts.”
But there is a but: “[When Gen AI is] used for good it is a game-changer. It has strong potential to automate various elements within the cybersecurity response chain, such as automated incident response, analysis and reporting.”
This is just the start, too, but we’ll let you read the full interview to find out more. And you’ll also discover Camellia’s thoughts on the biggest cybersecurity challenges facing companies right now, the role governments need to play and how anyone interested in this sector should get involved.
And in case you’re wondering why we think Camellia is so worth listening to, aside from being CEO of such a cutting-edge she was named one of Singapore’s Top 100 Women in Tech 2023 and was shortlisted in IT Security Guru’s Most Inspiring Women in Cyber 2024. So definitely keep reading!
Worth a read: Simon Horswell, Senior Fraud Specialist at Onfido: “Artificial intelligence is a key weapon in the battle against deepfakes’”
Could you please introduce yourself to our audience and share how you ended up working in cybersecurity?
I’m the CEO and Co-Founder of Flexxon, a pioneer in AI hardware security.
My career path to technology or cybersecurity came organically. I went to university to study business management, and it was here that I was introduced to the world of IT. As soon as I finished assembling my first PC, I knew I wanted to make a career out of designing and building technology. That’s when I chose to specialise in IT as a part of my degree,
After university, I worked at several multinational electronic companies, which allowed me to understand the industry and how to build various devices and systems. It also made me realise that I wanted to design original technology that addressed people’s real-life challenges. That’s when I decided to follow my own path and see where it would take me. It led to my Co-Founder, May, and I founding Flexxon in 2007. The company started out as an industrial NAND flash storage manufacturer but after lots of conversations with our customers about their growing cybersecurity concerns, we knew we had to do something to address the gap in the market.
Now that Flexxon has grown, my role is to oversee business development, industry partnerships and the team to ensure we’re constantly innovating to deliver the best cybersecurity solutions for our customers. Expanding the business globally has also been a huge priority in the last few years. We now operate in Asia, the Middle East, US, UK and Europe. The US is a big focus for us so it’s exciting that we’re working with more and more customers there, from healthcare organisations to financial services to many others.
What are the biggest cybersecurity challenges those in leadership roles are facing?
In the past decade or so, we’ve seen how quickly technology can evolve and whilst it is exciting, it also means cybercriminals have been able to use it to their advantage to increase the frequency and consequences of attacks.
In particular, new and emerging technologies such as AI have emboldened cybercriminals to move at a faster pace whilst the cybersecurity industry struggles to keep up. The single biggest threat to leaders is relying on a below-par cybersecurity posture that focuses on traditional software-based approaches that are human-centric, rather than multi-layered security with intelligent detection and response capabilities.
With advanced technology in the hands of hackers, cybersecurity experts need to invest in both software and hardware-based solutions for holistic protection. Hardware cybersecurity solutions – which have been historically (and wrongly) neglected by business leaders and the cybersecurity industry itself – are transformative, especially when infused with AI.
Combining advanced engineering with AI-based solutions at the physical layer elevates the speed, accuracy and capabilities of cyber defenders while removing the need for human intervention. This approach allows us to design a security ecosystem that builds from the hardware layer, to enable full-stack security across all seven layers of the OSI model that tackles even zero-day threats. At Flexxon, hardware has always been our bread and butter, and we’ve seen first-hand how it fares when software-based solutions fail, so we’re passionate about equipping our customers with a range of cybersecurity products.
Additionally, business leaders are also struggling with a huge tech skills gap – indeed 93% of UK businesses say they have one. Even more worrying are the stats about cybersecurity specifically. Currently, 4 million more people are needed to plug the skills gap, and with cyberattacks constantly increasing both in volume and frequency, leaders need to adopt a security-first mindset and work towards reducing it. As a first step, a full review of which skills are lacking within an organisation is needed. Then, leaders can formulate a plan that includes new processes and investment to attract, retain and upskill individuals.”
Worth a read: Marilou McFarlane, CEO of Women in Sports Tech: “It’s rewarding beyond measure to see how technology has impacted the growth of women’s sports”
What is it about generative AI that makes it so prone to exploitation by threat actors? Conversely, how can it be used for good?
Generative AI is a goldmine for cybercriminals. It lowers the bar so that they no longer need to be experts in coding, or wordsmiths who can produce authentic-looking phishing emails or texts. In fact, there are now generative AI tools made specifically to help those with malicious intent. WormGPT, based on ChatGPT, helps criminals to execute cyberattacks quickly and cheaply.
However, generative AI is a double-edged sword, and when used for good it is a game-changer. It has strong potential to automate various elements within the cybersecurity response chain, such as automated incident response, analysis and reporting. However, this is still restricted to a database approach because it is trained on data crawled from known attacks. It does little for zero-day threats.
However, when tailored AI and ML algorithms are deployed at the hardware layer, they can detect both known and unknown threats. This is due to the enclave environment of a hardware module, as opposed to the expansive external software environment.
Going forward, it’s no secret that hackers will continue to exploit generative AI, gaining access to data easier and quicker. And as it becomes more advanced, the cybersecurity industry will have no choice but to keep up. We must use generative AI as a lesson and invest in innovation. For example, at Flexxon we have dedicated R&D labs and company-wide initiatives to test new AI products that can fight against threats and for daily productivity – the more we understand and keep up with the trends, the better we can deliver on our promise to our customers. In turn, we’re developing new solutions for leaders from all sectors to easily implement across their businesses.
What role do you think governments play when it comes to cybersecurity?
A coordinated and collaborative approach between the public and private sectors is essential. In 2024, over 2 billion voters will be heading to the polls across the world so robust cybersecurity measures are needed to ensure threats are detected and dealt with as soon as possible.
To ensure the integrity of elections, public sector cybersecurity teams must be prepared to tackle an evolving threat landscape. Moves have been made to improve the situation, for example, the UK government set out a strategy to build cyber resilience and ensure public services are better protected from cybercriminals, but many organisations are underprepared to deal with new threats emerging through the use of AI.
However, it’s not just the risk to elections that should encourage governments to take a greater role in cybersecurity. Ultimately, cybercriminals will only become more advanced and with an ever-increasing amount of government and citizen data being stored online, governments need to be at the forefront of cyber safety. Governments must engage with cybersecurity experts, consultancies, and companies to assess their posture across the whole infrastructure and reveal any vulnerable points. By taking cybersecurity seriously, governments can act as role models to the wider private sector and encourage all individuals and organisations to upgrade their security strategies.
Explainer: Mouse not showing up on laptop [best fixes]
What’s something that has drastically changed about cybersecurity since you first got started in the field?
The rate at which technology is evolving. When I first started in the industry I was surrounded by innovation, but the momentum today is truly incredible. Emerging technologies such as AI have soared – ChatGPT was only released in November 2022 and it’s like we can’t image a world without it and generative AI more broadly.
Quantum computing is another really interesting one. The concept of quantum computing was established in the 80s but it’s not until recently that we’ve really started to understand its power and apply it to real-world use cases. In the past year alone, it has gained a lot of traction in media and in tech circles. “Q-Day”, when quantum computers will be able to crack codes protecting our digital data, could be as soon as 2025, experts have said.
With these technologies becoming more commonplace, we cybersecurity experts have had to work much harder to keep up with cybercriminals exploiting these advances.
The good news is – many more individuals and businesses now understand how important cybersecurity is. In the past, cybersecurity could have been considered less vital for the everyday person. However, with nearly every part of our lives now online from social media profiles to bank accounts to streaming services, a good cybersecurity posture is just as crucial to individuals as it is to organisations. There’s still a long way to go, but as a society, we’re understanding its importance.
What advice do you have for aspiring professionals wanting to work in cybersecurity?
Be passionate. Cybersecurity can be a complex industry, with evolving threats and new tactics there’s a constant stream of activity. If you’re not passionate about cybersecurity, it will be hard to keep up.
Experience is great – but not vital. As I said, I didn’t originally come from a cybersecurity background, and it hasn’t held me back in any way. However, once I knew that cybersecurity was something I was interested in, I made sure to embrace every opportunity I could, and was constantly curious. There is so much to learn, for example, I love surfing through YouTube and following channels about innovation and leadership. I also learn about my favourite personalities such as Alan Turing, Steve Jobs, George Soros and Warren Buffet to inspire me. This not only gave me a better understanding but also helped me choose what specific route I wanted to follow.
Additionally, it’s important to build strong networks. A support system is vital, in every part of life. I am a strong believer in building genuine connections with the people around you who can support you in both good and bad times. If you don’t know anyone in the industry in your day-to-day life, reach out to people via social media such as LinkedIn. I’ve had students reach out to me to help with their university work or ask questions about what it’s like working in cybersecurity and I’m always happy to help.
Networking and taking the initiative to seek answers will help you build a support system, understand the industry better and propel you towards a career in cybersecurity.
NEXT UP
Striking the balance between people and profits
Layoffs in tech are rising, but they aren’t a fix-all solution. Effective financial planning, upskilling and flexible work can help balance costs and retain talent.
Jussi Kaasinen, CEO and Founder of Movesense: “There is a huge need for remote patient monitoring in the medical and health sector”
We interview Jussi Kaasinen, CEO, Chairman and Founder of Movesense, a pioneering Finnish company in sports technology
Salesforce Connected Vehicle app promises “more personalised driver experiences” (and more ways to make money from drivers)
Salesforce has unveiled Connected Vehicle, an app enabling vehicle manufacturers to bring extra connected car functionality to their products