Mr. Abolhassan, there are countless studies and surveys on IT security and more are published every week. The results are similar: The threats are growing, companies tend to believe that they aren’t prepared enough to tackle them, and incidents are not related to the cloud, yet companies regard the cloud as a security risk. The responses are pretty contradictory.
Many companies are still uncertain and not adequately informed about the subject of IT security. Everyone from the IT sector wants to contribute to the debate. And most contributions start with spectacular incidents and horror scenarios because that’s how they grab attention. That’s tiring for many companies. The manufacturers then like to bend the incidents toward their products and so they confuse customers more than they inform and support them.
So too little is talked about regarding the responses to cyber risks?
The discussion tends to be static in my view. It still revolves a lot around fire-walls, anti-virus protection and other tools to repel attacks. These tools also have to be used. But what do we do against the pinpointed, usually very professional attacks? And how do we respond to new risks as a result of digitization trends such as the Internet of Things? And, above all: How do we organize security so that it is also used and is simple to operate and obtain? There is a huge need to take action here.
Yet things soon get complex and complicated, especially with the Internet of Things…
IT security is complex and this complexity puts people off. Hence, they prefer to stick their head in the sand and hope nothing happens. That tactic can go well for a time: At any rate, more than two-thirds of the IT experts questioned in a recent survey by eco claimed there had not been any significant incident at their company in the past years. I have my doubts about that: Many attacks remain undiscovered. In addition, more than one-third admit in the survey that they have had one or more incidents in the past years. In Germany with its around 330,000 companies with ten or more employees, that would mean more than 100,000 victims of cybercrime – a figure that should be taken very seriously.
What is your answer?
We have to tackle the problem right at the beginning: Design Thinking for Secu-rity. By making IT security simple: simple to obtain, simple to use and simple to operate. Many solutions have suffered to date from the fact that only security experts have been able to use them. What if the security software not only detects known, but also unknown malware? What if this software tracked all operations in a smartphone and detected every unusual operation? Like a permanent electrocardiogram that monitors heart activity. If machine-learning algorithms automatically instigated the best possible measures to repel attacks? We’ve developed Mobile Protect Pro, a security solution that can do just that: If it discovers a company phone that’s infected, it automatically excludes it from the company network. It then automatically informs the owner and Corporate Security and searches for a suitable patch. That’s what we mean by simple.
Apart from simpler solutions, what’s important so that cyber risks for companies can be minimized further?
We have to pool our forces. That’s why we’ve teamed up with our partner Al-ienVault to offer a security solution that enables our business customers to benefit from the know-how of and knowledge sharing between many other companies. The more than 30,000 members of this platform report attacks and attack patterns in real time. Successful measures to repel attacks are also shared. That means everyone benefits from each other and security increases on a broad scale. Cyber Security Sharing and Analytics e. V. (CSSA) was established on the basis of a similar idea. Large groups share their experience in cybersecurity as equals in this association. All its members – who include Allianz, BASF, Siemens and, of course, Telekom – are convinced that sharing knowledge is a vital part of successful defense.
Mr. Abolhassan, to finish our interview, I’d like to ask about the security of cloud computing. The prime focus of the eco study is on security issues – especially mobile device security or malware in the web. Do you have understanding for that?
It’s human nature that we want to be able to control things ourselves, so I certainly understand that. We at Telekom are in the sights of hackers, who launch four to six million attacks a day on our honeypots. In order to protect ourselves and our customers’ data, we do all we can to make our data centers, networks, platforms and services as secure and fail-safe as possible. On top of that, there’s German data privacy. Our security measures are flanked by our quality management program Zero Outage. Apart from the technologies, we also keep an eye on our processes and staff at all times. We can offer our customers reliable cloud services only with this holistic approach. No small or medium-sized company can afford the cost and effort we expend here. Only a global player like us can nowadays ensure maximum security coupled with the highest possible quality.
Explainable AI looks into the “brain” of artificial intelligence and can explain how logarithms make their decisions. An important step, because the new General Data Protection Regulation requires traceability.