Holger Berens has hacked time. He occupies several prominent positions in the cyber security world, provides training to young people, conducts field research, stays informed with the world news, and is a Steering Committee member for the upcoming CS4CA Europe – the 6th annual European Cyber Security for Critical Assets summit. We catch up with him to learn what makes him tick, his thoughts on his industry’s future, and his tips for staying informed:
Q: What gets you up in the morning?
A: The latest news, a strong black coffee and a cigarette.
Q: How do you explain your job title to someone outside the cyber security industry?
A: This is very difficult to answer because I wear several hats in the security world. On the one hand, I am Dean of the Compliance and Corporate Security program, LL.M., and Head of the International Security Competence Centre at the University of Applied Sciences Cologne. As such, I train young people academically in the field of security and conduct research in this field. On the other hand, I am Chairman of the Board of the German Federal Association for the Protection of Critical Infrastructures (BSKI). Here we offer a platform for all critical infrastructure sectors so that companies can learn from each other. We also do lobbying in Brussels and Berlin. As shareholders of reduceo GmbH, we implement crisis and emergency management systems for critical infrastructures.
Q: What are some of the key recent shifts in the cyber threat landscape that you’ve been seeing, and what do you think they mean for cyber security?
A: According to a 2019 publication by Trend Micro, an analysis of threat data from 2018 shows a significant increase in crypto currency miners – 237% over the year – as well as an increase in the detection of phishing attempts and attacks using Business E-Mail Compromise (BEC). The number of BEC attacks rose by 28% in 2018, and the number of blocked phishing URLs by 269% compared to the previous year. Growth since 2015 has been almost 2,500%. Ransomware attacks, on the other hand, decreased drastically. From my point of view, these statistics show that the greatest weakness in a company is not the technical protective devices but the human being. This means that we have to create not only technical protection but also awareness among all employees.
Q: Is cybercrime evolving quicker than security?
A: This is a common phenomenon in criminal science. Criminals are faster and more innovative in all areas of crime. This increases the importance of training security managers so that they can – militarily speaking – get to the forefront of the battle.
Q: What do the next 5 years hold for your industry?
A: It’s hard to predict. You’d need a crystal ball to do that. 5 years is a very long period in today’s technically fast-moving time. I think that Incident Response will become increasingly important for both consumers and businesses. AI solutions will become an integral part of any cyber security program in the near future. Without AI, we can no longer cope with the enormous number of constantly growing cyber threats and security gaps. AI, on the other hand, can accelerate the discovery and analysis of cyber threats and drive decision making. We are currently researching an intelligent algorithm on the basis of millions of attack data in order to be able to predict cyberattacks.
Q: If you could change one thing about your work right now, what would it be?
A: I’m terribly sorry. I wouldn’t change anything!
Q: What is the best or worst security advice you’ve ever heard?
A: I heard the worst advice from a senior consultant at a large consulting firm: “Get certified to ISO 27001. Then you’re absolutely secure.”
Q: What’s your favourite way to stay informed about cyber security?
A: I regularly attend major international conferences to learn from my colleagues. In addition, I have subscribed to several independent newsletters and I regularly read the specialist journals.
#
Learn more about CS4CA Europe 2019 and secure your Early Bird delegate pass (save €250) here to hear first-hand from Holger and other industry leaders.
