Thomas Tschersich, Chief Security Officer at Deutsche Telekom, served as an advisor in the preparation for the Cyber Council Panel on Cybersecurity Predictions 2022 which will see CISOs, CIOs, and CSOs discuss next year's cybersecurity threatscape on Wednesday, November 10 from 09:30 pm to 10:10 am at Cybersecurity Leadership Summit 2021.
To give you a sneak preview of what to expect, we asked Thomas some questions about his predictions.
Yeah, actually, well, when I look at the recent developments, I believe that DDoS attacks will be definitely an ongoing trend next year as well. So we see a couple of thousand attacks every month. And the second thing which will drive us will be, in my prediction, the ransomware topic, as this is still growing. We might see some new deep fakes. So cases with CEO fraud, with really deep faked videos instead of just cheating email conversations or phone calls. But that's in a nutshell what I do expect.
So I have no special type of attack in mind here. I would turn that a little around. So what I do expect most threatening not only for us but for all organizations, is still that we don't have the basics under control. What do I mean by that? Not having the basics under control is, for me, not more and less than cleaning up our infrastructures by introducing software updates really in a timely manner to the new detection of vulnerabilities. So we're all not good in doing so. And the result is that more than 95 percent of the attacks are being successful just because of missing software updates or bad configurations of systems.
This should keep us awake at night and this should be the priority number one, two, and three for next year, really to get it fixed. And so we need to bundle our forces so we need a better exchange between enterprises to share whether an update is working or not. So not to do testing in any case at any company so we can become better just by sharing that knowledge. But we also need better support from vendors. There are still a lot of also huge vendors existing which are not really open and honest about their vulnerabilities and which are not really supporting their clients on a daily basis.
Look, as the whole industry is now moving more and more into cloud services, the perimeter of the company is paralyzing itself. So there is no perimeter to protect any longer, actually no perimeter like in the past. So there's not the one and only perimeter. So, therefore, I believe concepts like Zero Trust becoming increasingly important to bundle the security more to the endpoint and on the other side, to the data itself and not any longer to the corporate network infrastructure. So this is for me, one definite trend we have.
The second thing which is closely aligned with that is that prevention only is not sufficient enough for the future. It's more about having capabilities to monitor the status, to monitor your infrastructure, and then to be able to react fast if there are some anomalies being detected there. Yeah, this is the biggest challenge for most of the organizations, as a lot of organizations were pretty much focused on shielding themselves, building a fence around their infrastructure. And that's more or less one hundred percent of the cyber protection. And nowadays, you have to assume that attackers will be successful at one point in time, and therefore, you need to have these better monitoring capabilities without for sure losing the preventive approach totally. So but it's shifting the forces, and that's definitely one of the priorities for me and my team.
I would say the challenge, number one, is the shortage of resources, of skilled resources, at the market and it's the challenge number two, three, four, five, six, seven, eight, and ten, and so on. That's the biggest issue currently, really to find the right people for your team to find the right resources to deal with security as the market is demanding so much at the moment. It is totally empty. So we're investing a lot in training and education for our people to train them by ourselves. So that's the only way out at the moment. And yeah, I guess this is what we need to solve. Otherwise, we got lost in the cybersecurity arena. It's not that much a technical issue because there are a lot of technical solutions available and in place. It's more the people to run those infrastructures.