CeBIT 2017: Security Chiefs Warn of Executive Security Disconnect

CeBIT Panel

A group of European security luminaries has told an audience at today’s CeBIT conference that companies must move quickly to avoid cybersecurity disasters–and that executives and CFOs are often unaware of the imminent threat posed by hackers.

Speaking at an event named ‘Organizations Under Attack’, the four-man panel spoke about the shift towards app, mobile and Internet of Things (IoT) technology in recent years, and how it has left firms at risk of attack from a multitude of angles.

Tom Köhler, partner at Ernst & Young, told the packed crowd, at the weeklong show in Hannover, Germany, that these “systems of systems, as we talk about them, have different dynamics and security. So how can you softly say that there’s actually a problem?”

Köhler added that CFOs, in line with business models of years gone by, do not align security issues with the business as a whole. Instead, he urged, executives must think about security in a holistic manner.

“Start from the top…you need your partners as part of the dialog in the beginning, to drive down the cost,” he added. “If you have connected risk, you also have connected defense.”

Promon founder and CTO Tom Lysemose Hansen–who had previously entertained the audience by telling them how he and colleagues had discovered how to steal a Tesla car by hacking its app, stressed the importance of making it as hard as possible for hackers to make money. “If we don’t reach that threshold, if it’s very easy for the bad guys to steal a Tesla, then they will make money, they will prove their tools and we will have a very bad spiral,” he said.

Next year in Europe, with stakes higher thanks to the introduction of the GDPR (The General Data Protection Regulation, which will harmonize existing EU data privacy laws across the entire bloc), “In Germany, every company over ten employees needs to have a data protection visa,” said Raimund Genes, CTO of Trend Micro Blogs.

“If something goes wrong under GDPR I might get fined, and I might not run a business any more,” he added. “And that’s all over Europe next year.”

Many tech companies spend around 5-10% of their budgets on security. But increasingly firms are looking to spend more in the sector–contributing to an estimated global industry value of $120 billion.

“In certain areas, adding security will actively increase your revenue,” said Köhler. “You should actively spend enough on security to make sure that your end-users trust your solutions, and that their security is at a high level. Because you will receive a big uptake and adoption of that platform, which generates more business and less cost.

Köhler added, “It’s not only about 5-10%. It’s about maybe spending a little more in some areas where you have cost savings over other areas.”