Three Questions for IT Security Expert Oliver Dehning

Many companies underestimate the threat posed by cyber attacks, even though experts believe that the threat is growing – this was the result of the eco IT Security Survey 2023. eco IT Security Survey 2023. As a result, cybersecurity should be a top priority in all companies. Oliver Dehning is a freelance consultant and Leader of the Security Competence Group at eco Association. In this interview, he gives his assessment of the state of IT security in SMEs. He will also talk about this in the third webinar of the event series with ITENOS on 25 May from 9.00-10.00. 


How do you assess the danger posed by cybercrime to SMEs?

Many SMEs either have no or only a small IT department. For this reason alone, they can hardly provide the necessary competences to secure their IT themselves. Therefore, IT in SMEs is often not well secured and vulnerable to attacks. This makes them an easy target for cybercriminals, who can thus achieve their goal with little effort and place ransomware, for example.

What are the cornerstones of a good cybersecurity strategy?

It starts with taking IT security seriously. The cybersecurity strategy is part of the remit of the management team, even if details of its development and operational implementation are delegated to subsequent levels, e.g., to an IT Security Officer (CISO). Moreover, the importance of data and systems must be clarified: which data and systems are vital, which are less important? To do this, it must first be transparent which data and systems exist in the company at all. Only then does the real work on securing these systems and data begin. An “Information Security Management System” (ISMS) describes this process in detail.

Many SMEs are often unaware of the dangers posed by cybercrime. What do you think is the reason for this?

I think most people are well aware of the dangers, even if perhaps vaguely rather than concretely. However, the topic of IT security appears to be very complex and challenging, and dealing with it is time-consuming and possibly expensive. Sound knowledge of IT security is also not necessarily widespread at the executive level. The benefits of IT security also often only become apparent when it is too late, i.e., an attacker has succeeded. This unfortunately, underpins the mindset of “Nothing has ever happened to us”.


Thank you very much for the interview, Oliver Dehning!

More information on the German-language ITENOS webinar and registration is available here.


Three Questions for IT Security Expert Oliver Dehning