our weblog

Latest update from our blog post

Responsible disclosure: responsible handling of security vulnerabilities

Mistakes are human - this also applies to software development. A simple transposed number or an overlooked special case in the code can have far-reaching consequences, such as security gaps that attackers could exploit. Closing such gaps requires a structured and efficient approach. This is exactly where the concept of a responsible disclosure process comes in. At CERTAINITY, we see responsible disclosure as an important contribution to the IT community in order to create a secure and resilient society against cyber attacks.

Forecast 2025: Process Consulting

by: Christoph Zajic | Wednesday, January 29, 2025

2024 brought some exciting developments in IT security: from the CRA coming into force to the CrowdStrike incident in summer. Now we are in 2025 and the question arises: What’s next? Of course, it’s impossible to answer this question completely - but our Practice Heads have dared to take a look into the crystal ball and give an outlook on what might be coming in the cybersecurity world in 2025.

Ransomware attacks as data protection incidents: GDPR requirements and reporting obligations in focus

by: Dzevad Mujezinovic | Monday, January 27, 2025

Ransomware attacks have reached a new record high in 2024 and are threatening companies worldwide. Critical industries such as healthcare and public authorities are a particular focus, but small and medium-sized enterprises (SMEs) are also increasingly affected. Cyber criminals are increasingly relying on data theft to force ransom payments. Unfortunately, this perfidious tactic is often successful, which further exacerbates the threat situation.

But how can companies defend themselves? The General Data Protection Regulation (GDPR) plays a central role in the fight against cyberattacks by setting out clear requirements and reporting obligations.

Forecast 2025: Offensive Security

by: Fabian Mittermair | Friday, January 24, 2025

2024 brought some exciting developments in IT security: from the CRA coming into force to the CrowdStrike incident in summer. Now we are in 2025 and the question arises: What’s next? Of course, it’s impossible to answer this question completely - but our Practice Heads have dared to take a look into the crystal ball and give an outlook on what might be coming in the cybersecurity world in 2025.

Forecast 2025: Defensive Security

by: Florian Walther | Monday, January 20, 2025

2024 brought some exciting developments in IT security: from the CRA coming into force to the CrowdStrike incident in summer. Now we are in 2025 and the question arises: What’s next? Of course, it’s impossible to answer this question completely - but our Practice Heads have dared to take a look into the crystal ball and give an outlook on what might be coming in the cybersecurity world in 2025.

Forecast 2025: Security Engineering

by: Michael Brunner | Tuesday, January 14, 2025

2024 brought some exciting developments in IT security: from the CRA coming into force to the CrowdStrike incident in summer. Now we are in 2025 and the question arises: What’s next? Of course, it’s impossible to answer this question completely - but our Practice Heads have dared to take a look into the crystal ball and give an outlook on what might be coming in the cybersecurity world in 2025.

Is MFA the silver bullet against phishing?

by: Yuri Gbur, Senior Security Consultant | Tuesday, November 12, 2024

Multi-factor authentication (MFA) is often presented as THE solution against phishing attacks, since a second factor (e.g. a temporary one-time password) cannot be reused by attackers. Many companies and software vendors therefore require their employees and customers to use MFA. Microsoft has also changed its requirements for MFA for many of its Azure cloud services since October 2024, enforcing the use of a second factor without the option of disabling it. More services will follow in early 2025 (https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/).

Do you know your risks, and can you assess them correctly?

Threat Modeling Methods for Manufacturing Companies (Part 2)

The first part of this blog post series, "Do you know your assets?", introduced the importance of threat modeling for manufacturing companies as well as the CERTAINITY modeling technique and the underlying metamodel. This modeling technique enables comprehensive modeling and assessment of threats and risks based on three levels of abstraction.

This blog post discusses the CERTAINITY method of threat modeling for manufacturing companies, based on the data flow of the modeling technique.

DDoS stress test with CERTAINITY

Why it is sensible and beneficial to test your own infrastructure with distributed denial-of-service attacks.

Why are awareness and sensibilisation with regard to information security and cybersecurity so important for all of us?

by: Peischl Michaela, Senior Consultant | Thursday, April 25, 2024

I took part in a webinar on “Fraud traps & fakes on the internet” organised by the Upper Austrian Chamber of Labour and was pleasantly surprised at how many people, even at an advanced age, also took part. I was so positively surprised that I would like to share a few thoughts on this. In today’s digital world, information security and cybersecurity are of crucial importance. But why should we be concerned with it at every stage of our lives? How can we protect ourselves from the many dangers we are exposed to every day on the internet or on other channels such as social engineering, fraud traps, etc.? In this article, I want to highlight the reasons for the importance of awareness in relation to information security and cybersecurity, as well as provide a few tips on how to protect yourself effectively.
