‘There was no roadmap for this’

Marco Gercke—one of the world’s leading experts in cybersecurity—shares his hacks for staying cyber-secure in an interconnected world

Not many people can say that they fell into cybersecurity by accident but for German Professor Marco Gercke – a world leading expert who has spent the last 15 years advising governments, international organisations, and Fortune 500 companies on issues around how they can protect themselves online – that’s exactly what happened.

One of his first companies utilised machine learning to develop software solutions for medical diagnostics; another, a media agency, used artificial intelligence for user interaction. Digitalization, its uses and effects on society is also a specialism. Yet, it wasn’t until he applied to study for a PhD and suggested focusing on cybercrime to a professor that his career path was inadvertently set. 'There was no roadmap for this: the PhD attracted the attention of the United Nations and from there, I started advising governments,' he notes. 'It’s such a fascinating area. I deal with ministers in high stress situations, guiding them through the process if something happens. We build up a very special, close connection.’

'This is not solely an economic issue: it can touch core democratic principles'

As the founder and director of the Cybercrime Research Institute, an independent think tank based in Cologne, his role involves giving advice; not just on economic issues but also in the fields of strategy and politics too. 'I was in the US in 2016, around the election and it was heavily influenced by cyber,' he notes. 'Therefore, we need to be aware that this is not solely an economic issue: it can touch core democratic principles, push voters into a certain direction and influence elections.’

The main focus of Marco’s work is in the development of innovative approaches to tackling what has become a central problem for governments and business in recent years—cybercrime. However, for some clients, low-tech prevention methods are still the best. For instance, he recollects a trip to visit a government minister in the Pacific. ‘On my last day, I was in his office and at one point, he asked if I had swimwear with me. We made a plan to meet up again in two hours… in the lagoon. Later that day, we stood waist deep in the water together. He smiled, and said, you know, the machines in our offices are all bugged. Here, you can’t have a phone, I can’t have a phone and nobody is around.’

Of course, arranging to meet someone in a deserted spot on a tropical island isn’t realistic for everyone and Marco has other, more practical tips that he says are ‘way more effective than installing the latest software on your phone.’ For starters, think about what you’re saying on your phone when in public.‘It's funny when people are so concerned about cybersecurity yet they're on the phone on the train or wherever and then shocked when someone hacks it,’ he says. 'Also, don't come up with passwords; let the machines do that for you. And don't use the same password everywhere. If there is a security breach, your password will be disclosed and if you're using the same credentials for every service, criminals can access them all.’

'The future will determine to what extent such new technologies can offer opportunities for users'

Marco also cautions against thinking that insurance is the overarching solution to the problem.‘There was a time when insurance was available for a reasonable price, and in some cases offered solid coverage. However, the fact that insurers had to cover significant damages—especially in the US market—led to rising fees and increasingly limited overall coverage. So companies should carefully evaluate if, and to which extent, insurance can be a building block of their cybersecurity strategy.’

Asked to give his view on how modern advancements in tech such as web 3, the metaverse, blockchain, and how they will affect cyber security, Marco’s first point is that these are all buzz words. 'Similarly to what Apple’s CEO Tim Cook said recently, I do not believe that there is a harmonised understanding of what the 'metaverse' is or will be. The future will determine to what extent such new technologies can offer opportunities for users.'

When pushed on the topic though, he explains, 'I suggest those responsible for innovation should be open-minded about new technologies, but also investigate and monitor to what extent they can benefit from them. I do not believe that the fact that they are buzz words automatically makes them relevant. The days when adding 'blockchain' to a service description led to the stock price of a company doubling, seem to be over. That said—out of the three megatrends, blockchain is the one where I see most relevance in the field of cybersecurity. Blockchain technology could be one that we can utilize to enhance transparency and identify modification and alteration threats—both of which are relevant approaches that can play a crucial role in developing a safer cyber environment.'

'Every opportunity comes with risks'

Marco has worked in over 100 countries across Europe, Asia, Africa, the Pacific and Latin America where he war-games cybersecurity incidents with governments and board members of large enterprises (this includes the World Bank, the European Central Bank and the Munich Security Conference).

Having spent so much time in cybersecurity it would be easy to imagine that Marco has a negative outlook on digitisation but in fact, he is overwhelmingly positive. ‘Every opportunity comes with risks. There are risks related to enterprises and risks related to individuals who are often easy targets, which need to be identified. But in general, I have a very optimistic view about the future. If you look at technology, I believe we're living in an interesting time,’ he concludes. ‘It's very difficult with the war in Ukraine, food shortages and energy crisis but despite all of this, there are a lot of things happening that have the chance to take us into a slightly brighter future.’