Cyber Security Incident: "The question is not IF your company will be a victim, but WHEN"


 

As consultants and cyber security experts, we enable you to protect your company from cyber risks so that you can remain resilient and gain the trust of your customers and investors.

Our team has in-depth and cross-industry knowledge in the areas of offensive security, defensive security, process consulting, and security engineering.



 

Cyber attack?

CERTAINITY Incident Response Hotline

AT: +43 664 888 44 686 || DE: +49 800 2378246 || Europe: +43 664 888 44 686

reliable. trustworthy. bespoke.






 




OUR SERVICES

We make it simple, providing the best solutions

Offensive Security

Identify vulnerable information systems and applications, audit and assess cyber resiliency via red teaming, secure volatile attack points and reduce attack surface.

Defensive Security

Immediate availability in emergency situations, dedicated and experienced cyber security professionals at your service, incident management from breach to recovery.

Process Consulting

Optimize security and compliance, develop security organization and increase GRC maturity, support cyber security certifications and audits.

Security Engineering

Build more reliable services, increase information systems resiliency against cyber attacks, establish secure software development practices and modernize security architecture.

Our Blog

Latest updates from our blog

The Return of Identity Theft: In the Age of Phishing and BEC

Everyone’s talking about ransomware. Sure: encrypted data, ransom demands, PR disasters – that screams for attention. But while we stare at the skull on the front page, a once-familiar threat is quietly reclaiming center stage in the cyber threat landscape: identity theft.

With surgical precision and a toolkit full of camouflage, we are witnessing a renaissance of account compromise, business email compromise (BEC), and credential phishing. Particularly insidious: attackers are increasingly targeting High Net Worth Individuals (HNWIs) and prominent IT figures – such as Troy Hunt, the founder of “Have I Been Pwned.”

By: CERTAINITY, 24 Apr 2025

Not all that glitters is gold: pre-employment screening

NIS (NISG) already stipulates this today:

"The operator shall ensure that employees are trustworthy and aware of their responsibilities. The operator shall also ensure that employees are qualified for the roles assigned to them."

The upcoming NIS2 directive will make this requirement even more specific: Annex 3, point 5b talks about mandatory background checks for security-relevant roles. The internationally recognized ISO 27001 also requires in section A.6.1 an appropriate check of all persons who are to be included - in relation to business risk, information classification and within the framework of applicable laws and ethical standards.

By: CERTAINITY, 9 Apr 2025

Responsible disclosure: responsible handling of security vulnerabilities

Mistakes are human - this also applies to software development. A simple transposed number or an overlooked special case in the code can have far-reaching consequences, such as security gaps that attackers could exploit. Closing such gaps requires a structured and efficient approach. This is exactly where the concept of a responsible disclosure process comes in. At CERTAINITY, we see responsible disclosure as an important contribution to the IT community in order to create a secure and resilient society against cyber attacks.

By: CERTAINITY, 19 Feb 2025