Q & A Round with Thomas Tschersich (Chief Executive Officer, Deutsche Telekom)

What is the hot topic of the year in the current cyber landscape?

For me there is no such thing as a “hot topic” as this would then be mostly one hype. However, there is one thing we need to take more seriously: Continuous implementation of security updates needs to be higher on everyone’s agenda. Unfortunately, they are still among the main entry vectors for attackers that we can easily prevent.

What are some of the biggest threats, that are not being talked about enough?

No big threat in the traditional sense, but if I have to name some: Ransomware is certainly one of many topics that has been on our minds for a long time and still one of the biggest threats. Further topics are DDoS, Identity Theft and Social Engineering. Identity theft is becoming more critical than ever when it comes to metaverse. Whom can you trust in the digital world without trusted ID‘s?

How do you react to constantly changing threats in the market?

Having a Threat Intelligence that continuously observes the market is essential in order to react to changing threats and adopt your defense strategy accordingly.

How do you quantify risk?

The focus should not be about quantifying risks, but on quantifying impact like service interruptions and what that would mean to a company.

In the event of a data breach, what is your response plan?

There is no such thing like an overall response plan as each attack is individual. It is more about preparation than response itself. Having the right staff with all skills needed available to solve an incident is essential. If you are prepared in this sense, it is easy to develop the plan just in time.

What are some of your favorite "new" technologies or tools?

The trend is moving more and more into cloud. This means that the basic infrastructure and therefore the security of it is not any longer under your control. In future, it is more about the data and the identities as this is the left part where you as a company have control about when it comes to security. The technologies are not new but the principles implementing security in a company are.

What are some of the key components to succeeding as a CISO in today’s business environment?

Stay calm, understand the business and support their needs. If you are treated as a roadblock, you will be handled like a roadblock. If you are treated like a source of revenue and support of business, you will be treated like this.

What are the three things that you as CISO look at first to assess an organization’s cybersecurity readiness?

The level of accuracy of inventory on technical assets, the level of patching and the status of configuration of systems. I do not know any attacker that would stop an attack because of a company having a policy or being certified. What matters is the condition of your infrastructure.

If you had a time machine, what advice would you give yourself at the beginning of your career in cyber?

To be honest: If I had a time machine, I would be more interested to see what will happen in the future. I would be curious about when mankind is moving into new galaxies and to investigate the universe.

You are set to the stage at Black Hat MEA this November, what can our audience expect from your session, and what are you most excited about?

We will talk about insights on how to deal with Ransomware and what companies should know about it. Especially interesting are practical advices on how to handle the situation better.