Watch the 4-minute video here or on YouTube, or read the transcript below.
dotmagazine: What are the new types of cyber attacks that are emerging currently and how do they differ from existing types?
Gordon Muehl: I think a lot of people see this discussion about IoT attacks and misusing of IoT attacks in a large scale. That is on the one side a different kind of cyber attack because we have more different kinds of devices, but what also makes a big difference is that it’s getting much easier for the bad guys to get a kit to build this kind of cyber attack. It’s a much more industrialized business from the bad side, where you easily can buy an attack kit and such things. And this combination of both – combination of more devices and the combination of easier access to malicious software or kits to build malicious software – that makes it extremely dangerous.
dot: How can companies and end users protect themselves against such attacks?
Muehl: I think that pretty much hasn’t changed in recent years. What has to be changed is the attitude of people and awareness of the problem. All the protection technologies which were valid in the past are still valid today – not sharing your passwords, using different passwords, using a virus scanner, protecting your network. And do all that as a person, and also do the same thing as a company. So the priority has to change, the attitude has to change, and people have to look at that. And that is what the individual can do.
What the industry must do is to make it much easier to consume security technology, because it’s not a solution to remember a hundred or a thousand passwords. That is nothing humans can do easily and would like to do. So people have to pay attention and the security industry has to make the security tools and techniques much easier to consume.
dot: With continually evolving attack vectors, how can companies and end users keep themselves protected in the long term?
Muehl: When we look at the history of how we – in the last hundred years, or even more – developed safety and security in different areas, we were pretty good as mankind to get very much safety. We still rely on airplanes, on cars, and all that. And we have no basic issue with that. We go on a plane and we think it will land.
But those qualities that we achieved in safety, we need to achieve in security as well. Because now elements like IoT impact safety, not only the software world – it really impacts physical stuff. And therefore, in the long run, I think a lot of qualities and ways to ensure safety we have to apply to the security world as well. Only then will we get what we call in Germany, “Sicherheit” – so, bringing both elements together. For HUAWEI that is a key element in our strategy change for engineering, to make it more resilient, more reliable, so that we have the same quality that we achieved in safety also achieved in security.
Gordon Muehl as the Global CTO for Security and Privacy Protection Technologies at HUAWEI, is responsible for the planning of research and development activities of all Security and Privacy Protection topics worldwide. At the same time, he is also Head of the R&D team in Germany, as well as the Cloud Security Lab in China. Until 2015 he was the Senior Vice President and CTO Security of SAP SE, and was responsible for all topics relating to product security and product standards. As Chief Architect, he had previously defined the entire architecture of the SAP Business Suite and SAP ERP. He studied mathematics and industrial engineering in Siegen, as well as undertaking management training in Cambridge (UK), Insead (FR), and Stanford (CA).
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.