Flexxon is a company which specialises in hardware-based storage and cybersecurity solutions. First established as a leading NAND flash storage solutions provider, with a focus on medical, industrial and automotive applications. Flexxon now specialises in standard and customised products and solutions that serve a wide spectrum of industries. 

In 2021, the company diversified its business and introduced a cybersecurity arm with its flagship cybersecurity solution, the X-PHY Cybersecure Solid State Drive (SSD). Today, Flexxon operates across the globe and works with more than a hundred clients worldwide. 

Building on the X-PHY’s market-changing technology, Flexxon is developing an entire suite of products and services that will address gaps in cybersecurity for individuals, SMEs and major enterprises. 

CEO Camellia Chan founded the company in 2007 and has oversight of every facet of the company's operations - prioritising short-term and long-term objectives, including profitability, ROI and expansion. “Part of my role is ensuring I am staying on top of leading cybersecurity trends across industries, including healthcare, to continue to innovate and meet our clients' expectations.” 

In her everyday tasks she combines her passion for business and technology, and with this in mind, the Flexxon team have crafted a specific ethos for the company: To protect the basic rights of digital citizens as cyberthreats continue to evolve in complexity and volume. 

“Our work is vital in staying one step ahead of cyber attackers,” says Chan. “Conquering cyber threats then opens up even more possibilities for citizens of the digital age to live freely and without fear online.”

Here, Chan tells us more. 

A female CEO in cybersecurity

When Chan set out to build Flexxon with her business partners, she never thought about gender. 

“We were three women in the room looking to build a tech business that created value and impact,” Chan says. “I initially majored in business and yes there were a lot of men in the room there as well. I became drawn to the more technical aspects and during my second year at university, I assembled my very first PC. I was hooked and wasn’t going to be stopped by gender equality statistics. I just surrounded myself with the right people — which would be my number one piece of advice.” 

First that was hanging out with engineering students, then it was the people in her company and finally other industrious and ambitious tech women and men that helped Chan to hone her skills. 

“The connections I have made with female colleagues and allies at conferences, industry organisations, and other events have formed my support group and I support them as much as they do me. I think my showing up, speaking, and mentoring at women in tech and cybersecurity events is a key to advancing our progress in STEM industries. Every successful female tech entrepreneur who stands up is a demonstration to young people that they can succeed.

“It hasn’t been easy. I had to leave my comfort zone repeatedly to make progress and had to keep in mind that change doesn’t happen overnight. I celebrate every incremental hurdle overcome and every achievement.”

The ‘RA Group’ is a recently emerged ransomware organisation that is believed to have been formed in April 2023. Although it is in its infancy, this cyber gang has made a flashing debut and quickly has attacked various organisations including insurance providers and pharmaceuticals. RA Group aims to extort organisations through a double extortion attack. This method consists of a group encrypting sensitive data and threatening to publish or sell the information if the ransomware payment is not met on a specific deadline.  

“This is another example of how threat actors are multiple steps ahead and continue to evolve their tech and business models to bypass software defences,” says Chan. “Software, and as a result, its defences, change rapidly. This makes it easy for hackers to exploit vulnerabilities, while making it extremely difficult for software security solutions to identify newly modified threats, putting confidential data at risk. As a result, organisations need to think outside the box. One particular area healthcare leaders should consider looking into is utilising artificial intelligence (AI) at the hardware layer within an enclave environment to combat cyberattacks and be at the forefront of cybersecurity defences.”

Chan is clear that healthcare institutions need to think outside of the box in regards to their security.
“The healthcare industry must stop expecting the same old cybersecurity methods to work – especially when they have already failed many times before. According to federal records, healthcare data breaches have exposed 385mn patient records in the US over the last decade, underscoring that although tech can improve how we do healthcare, it also makes us vulnerable.”

Data protection should be the top priority for organisations. Information like medical records and health insurance can be used to commit blackmail or fraud. Plus, cybercriminals can use this info to launch social engineering attacks (cyberattacks designed to manipulate individuals through interaction), conduct extortion, and much more. All attempts to target an individual are dangerous, what varies is the scale of impact. The danger can range from financial losses to physical harm.

“To date, the healthcare industry has relied solely on solutions that protect at the software level, but with each new attack, we’re seeing that current threats go beyond that,” says Chan. “We won’t see meaningful change until organisations realise that solutions at each layer and especially the firmware-level, is critical to being fully protected.” 

Until firmware-level security becomes widely adopted, Chan expects that the number of malicious attacks experienced across all aspects of life, from hospitals to schools and everything in between, will continue to rise. To fortify networks against opportunistic cybercriminals, businesses should embrace advanced technologies such as AI. 

“AI-based solutions at the physical layer provide a last line of defence against sophisticated attacks while removing the need for human intervention, thereby safeguarding sensitive data from potential breaches.”

Flexxon’s CEO Camellia Chan

AI is empowering the industry to circumvent cyberattacks

AI-based solutions at the hardware layer provides a last line of defence against sophisticated attacks, protecting sensitive data from potential breaches. As AI consumes data artefacts it becomes smarter, enabling it to analyse relationships between threats in seconds. 

“As a result, AI reduces time to knowledge, empowering faster decision making and remediation of threats. The strongest organisation that will come on top in terms of their security protocols are those that are harnessing AI-powered solutions,” says Chan. “Therefore, it is to the benefit of leaders to look at low-level AI integrations as it closes security gaps and dangerous vulnerabilities.”

There is a roadmap for building a security tech stack and the first step is realising there is no one size fit. 

“Healthcare CISOs must carefully choose offerings and configurations that address both their specific needs and the existing gaps in their cybersecurity postures. The bottomline is that a comprehensive and multi-layered approach should be adopted,” she says. “A typical cybersecurity tech stack may include solutions for network infrastructure, identity and access management, endpoint, application, threat intelligence and more.” 

The cybersecurity leader should take an organisation-first approach: collaborate with management across departments to make sure the security programme aligns with business objectives. 

The security leader should build a risk profile that includes budget, manpower and technology knowledge. A detailed risk profile checklist identifies threats and vulnerabilities to determine the probability of an exploitation and the resulting impact on the organisation.

“With this assessment, the CISO can select varied solutions that address the specific gaps within systems,” says Chan. “The company can design a multi-layered and diversified cybersecurity infrastructure which will address risks across the enterprise from physical hardware and internal software to external vendors and the network perimeter.”

Once the technologies have been selected, an organisation needs to create a sound strategy for implementing and integrating the cybersecurity tools into the IT infrastructure, careful not to implement too many at once and thoughtful about which vendors to select. 

“Perhaps choose a vendor that consolidates multiple security functions into a single platform, which reduces complexity, cuts costs and improves efficiency,” says Chan. “However, I do not advise companies to use multiple layers of one form of protection. They should diversify them across the system to secure each layer of the system, one on top of the other to protect all seven layers of the OSI model.”

While a powerful cyber defence tech stack is essential, leaders must not only focus on the technology but also on people, strategy, plans and training. 

Companies that discard the obsolete view of cybersecurity as a reactive cost centre and make it a cross-functional priority will gain competitive advantage. Mindset is a big thing: Organisations that underestimate cyber criminals' ingenuity are the ones who don’t prioritise security. A healthcare organisation’s reputation is obviously crucial to its success. Data breaches that compromise sensitive patient data damage an organisation’s reputation and cause a cascade of legal, compliance and financial problems.

"Tech will not thwart all threats, in fact 95% of all security issues can be traced to human error, according to the World Economic Forum. Phishing and other forms of social engineering attacks are the most common threat vectors, making a comprehensive education and awareness program an absolute necessity in securing an organisation’s data.”

Chan recommends that healthcare organisations adopt processes and solutions that remove the human element from the equation, with the deployment of low-level AI tools and zero trust architecture, in which only authorised and authenticated personnel can access the content within, which further serves to protect users, applications and data from external threats.

“Finally, never stop assessing and upgrading your defence processes and technologies,” she says. “Never set-it-and-forget-it because the bad actors will never stop innovating and exploiting new attack surfaces.”

Chan is also dedicated to mentorship at Flexxon, as new joiners come from many different backgrounds. 

“Some come to us with great technical expertise and experience, while others may be fresh graduates looking to apply theory into practice,” she says. “Regardless of the experience level, mentorship is an essential part of our company culture. We believe that guidance should always be available to our team. We ensure that mentorship and sharing sessions are organised every other month so that the team can learn from each other, as well as our advisors who are highly established individuals in the field.”

In addition, the company also established the Flexxon Innovation Lab to facilitate learning and development across departments and offices from different countries. 

“New skills are picked up all the time by our team, and by me, and I am always heartened to see how much each individual grows over the years.”