Mikko Hyppönen, a longtime cybersecurity expert, has spent more than three decades tracking the evolution of malware, from early floppy disk viruses to sophisticated state backed cyber operations. Speaking at a major industry gathering, he described the paradox of cybersecurity work, where success often goes unnoticed and failures accumulate, likening it to a game in which progress disappears even as risks grow.
Hyppönen, who has analyzed thousands of malware variants since beginning his career in the late 1980s, has become one of the most recognized voices in the field. His work has spanned the early days of computer viruses to modern cyber threats, reflecting how both technology and the motivations behind attacks have transformed over time.
From floppy disks to global cyber threats
When Hyppönen began his career, the term malware was not widely used. Early threats were often referred to as computer viruses or trojans and spread through physical media such as floppy disks. One example he cited was Form.A, a virus that circulated widely in the early 1990s and could travel across the world, even reaching remote research stations.
In 2000, Hyppönen and his colleagues were among the first to identify the ILOVEYOU virus, which spread through email as a text file disguised as a message. Once opened, it replicated itself by sending copies to all contacts and corrupted files on infected systems. The attack affected more than 10 million Windows computers globally.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
Over time, the nature of malware shifted. What was once driven by curiosity or experimentation has evolved into a domain dominated by cybercriminals, espionage actors, and organized groups. Incidents such as the WannaCry ransomware attack in 2017 and the NotPetya campaign later that year demonstrated the scale and impact of modern cyber operations, which now often involve state backed activity.
A changing industry and new front lines
Hyppönen noted that cybersecurity has become a highly developed industry, now valued at approximately $250 billion. Defensive tools have advanced significantly, making modern devices such as smartphones far more secure than earlier systems. He argued that exploiting widely used platforms now requires substantial resources, often limiting such capabilities to governments rather than financially motivated attackers.
Despite these advances, he believes new challenges are emerging. In mid 2025, Hyppönen shifted his focus from traditional cybersecurity work to drone defense, joining a Helsinki based company that develops anti drone systems for law enforcement and military use. His interest in this area has been shaped in part by the war in Ukraine, where unmanned aerial attacks have played a significant role.
Bridging cybersecurity and drone warfare
Hyppönen sees parallels between combating malware and countering drones. In cybersecurity, defenders use signatures to identify and block malicious software. Similarly, drone defense systems can detect and track unmanned vehicles by analyzing their radio frequencies and identifying unique patterns.
He explained that once the communication protocol of a drone is understood, it may be possible to disrupt or interfere with its operation, potentially forcing it to malfunction or crash. This approach, he said, reflects a continuation of the same strategic dynamic that has long defined cybersecurity, where defenders and attackers constantly adapt to each other’s methods.
For Hyppönen, the shift represents both a professional evolution and a response to changing threats. Having spent years confronting malware linked to Russian actors, he now finds himself addressing drone related risks tied to similar geopolitical tensions. He described the work as part of a broader effort to confront emerging technologies that are reshaping modern conflict.
