CHIP magazine dubbed Tobias Germany’s first IT comedian. The Munich native studied to become an IT specialist and has a wealth of published books under his belt. To name just a couple, there’s his book for young people, It’s a Nerd’s World, and his most well-known title, Ich glaube, es hackt!, an amusing dive into the world of hacking. He has appeared on the stern TV programme since 2011, giving viewers plain-language tips on security vulnerabilities and how to navigate the pitfalls of the internet. In this interview, he talks about the increasing significance of IT security, the biggest challenges facing companies trying to protect their data, processes, and employees, and where internet threats come from.

How did you come up with the idea of IT security comedy?

When you do a presentation you don’t just show the slides, you have to do a lot of talking and the jokes just flow in naturally. I'm not trying to be the next big thing in comedy, but rather I want to entertain the audience in person or watching at home, to grab their attention so that they see what’s being shown.

Have you ever been the target of a cyberattack?

Absolutely. Every day! With phishing e-mails, I mean. And every time I hold a talk at a university about live hacking, but in that case I know to expect my provider telling me that 85 students have tried to hack into my website.

We’re always reading about DDoS and ransomware attacks and phishing. In your opinion, what are the biggest cyber challenges facing companies?

Ransomware attacks are the biggest threat and it doesn’t look like that will be changing any time soon. And why? Because the targets are quite easy to take to the cleaners, and there are just so many of them. As soon as one company starts fighting back, the hackers can quickly find a new target whose defences are down and not professionally secured.

Is it enough in the long term to just put in place a high level of security measures once and forget about it?

It’s going to be a good foundation, but not an effective solution in the long run, because, and in IT security more than most, things change ever so quickly. Let’s take passwords, for instance. Four years ago, an eight-character password was totally fine. Computers and processors have become so fast that it’s now recommended to have a ten- or 12-digit password for it to be secure. We need to be updating our security measures at the same pace technology is changing.

Secure passwords. Is a good password really secure?

Well, time has also taken its toll on this. A complex password of course provides far more protection than a simple one, but we can’t get away from the fact that we will need to set up two- or even three-factor authentication as standard in business environments. Online dangers are just too great.

“Online danger” makes me think of the dark net. Could you briefly tell us about that and why it’s such a threat?

So to start with, the dark net is an online space that theoretically anyone can access. You just need a special browser and then you can enter from anywhere in the world. What many people don’t realise is the browser is not illegal.

The dark net itself is actually just a platform. A platform that—when you do it right—lets you surf and interact anonymously. This makes it very attractive to criminals, of course. When talking about the dark net, though, there’s another aspect that shouldn’t be overlooked. It does sometimes take on a “good” role for our society, such as for investigative journalism, allowing informants to share important information anonymously.

What do you see as the biggest risks of digitalisation?

As a society, we have become very dependent on digitalisation. In every area of our lives. That doesn’t mean that digitalisation is bad; we just need to weigh up the pros and cons of digitalising absolutely everything. We also need to ensure we have a Plan B ready to go in case there’s a power cut or the server gets taken out by an attack.

Just one more question. People say that there are companies that have been hacked and those that don’t know they’ve been hacked. Is that still true?

Well, I would now say that there are many companies that have been hacked but don’t tell anyone. They’ll definitely know that they've become the victim of a ransomware attack, for example, because the criminals’ aim is to extort money from them.