our weblog

Latest update from our blog post

Forecast 2025: Defensive Security

by: Florian WaltherMonday, January 20, 2025

2024 brought some exciting developments in IT security: from the CRA coming into force to the CrowdStrike incident in summer. Now we are in 2025 and the question arises: What’s next? Of course, it’s impossible to answer this question completely - but our Practice Heads have dared to take a look into the crystal ball and give an outlook on what might be coming in the cybersecurity world in 2025.

read more...

 

Forecast 2025: Security Engineering

by: Michael BrunnerTuesday, January 14, 2025

2024 brought some exciting developments in IT security: from the CRA coming into force to the CrowdStrike incident in summer. Now we are in 2025 and the question arises: What’s next? Of course, it’s impossible to answer this question completely - but our Practice Heads have dared to take a look into the crystal ball and give an outlook on what might be coming in the cybersecurity world in 2025.

read more...

 

Is MFA the silver bullet against phishing?

by: Yuri Gbur, Senior Security ConsultantTuesday, November 12, 2024

Multi-factor authentication (MFA) is often presented as THE solution against phishing attacks, since a second factor (e.g. a temporary one-time password) cannot be reused by attackers. Many companies and software vendors therefore require their employees and customers to use MFA. Microsoft has also changed its requirements for MFA for many of its Azure cloud services since October 2024, enforcing the use of a second factor without the option of disabling it. More services will follow in early 2025 (https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/).

read more...

 

Do you know your risks, and can you assess them correctly?

Threat Modeling Methods for Manufacturing Companies (Part 2)

The first part of this blog post series Do you know your assets? introduced the importance of threat modeling for manufacturing companies as well as the CERTAINITY modeling technique and the underlying metamodel. This modeling technique enables comprehensive modeling and assessment of threats and risks based on three levels of abstraction.

This blog post discusses the CERTAINITY method of threat modeling for manufacturing companies, based on the data flow of the modeling technique.

read more...

 

DDoS stress test with CERTAINITY

Warum es sinnvoll und nutzbringend ist die eigene Infrastruktur mit distributed Dinal of Service Angriffe zu testen. read more...

 

Why are awareness and sensibilisation with regard to information security and cybersecurity so important for all of us?

by: Peischl Michaela, Senior ConsultantThursday, April 25, 2024

I took part at a webinar on “Fraud traps & fakes on the internet” organised by the Upper Austrian Chamber of Labour and was pleasantly surprised at how many people, even at an advanced age, also took part. I was so positively surprised that I would like to share a few thoughts on this. In today’s digital world, information security and cybersecurity are of crucial importance. But why should we be concerned with it at every stage of our lives? How can we protect ourselves from the many dangers we are exposed to every day on the internet or on other channels such as social engineering, fraud traps, etc.? In this article, I want to highlight the reasons for the importance of awareness in relation to information security and cybersecurity, as well as provide a few tips on how to protect yourself effectively.

read more...

 

Do you know your assets?

Threat Modeling Methods for Manufacturing Companies (Part 1)

Threat modeling is a practice in information security that involves identifying and evaluating threats and possible attack vectors during the design phase. This makes it possible to address the identified threats appropriately and at an early stage. This is particularly relevant for risk management, as decisions regarding risk acceptance or mitigation can be made on the basis of the risk assessment from the threat model.

In addition, the European Cyber Resilience Act and the IEC 62443 series of standards stipulate that a cybersecurity risk assessment or threat modeling must be carried out for products, software and hardware. In the course of threat modeling, the components of a product, the data flows between these components and external influences are evaluated with regard to potential risks. By carrying out this project step early on in the product development life cycle, it is possible to make design decisions based on the results and to mitigate the identified threats as far as possible with the help of a secure design.

read more...

 

The question with cyber incidents is not if it will happen, but when it will happen

by: Mia VolmutMonday, October 23, 2023

Interview about the preparation and legal aspects of cyber incidents read more...

 

OSINT: How companies can benefit from open source intelligence

The term OSINT stands for “Open Source Intelligence” and refers to the systematic systematic collection and analysis of freely available information. These These freely accessible sources of information include, for example databases, social media, (dark net/deep web) websites, online blogs, but of course offline content such as magazines, books or company flyers. company flyers.

The use of The use of publicly available sources to obtain information has a very long history and was already used over 100 years ago by secret services, security security organizations and resourceful entrepreneurs to gain an information advantage. information advantage.

read more...

 

BCM – Business Continuity Management & Resilienz: Zwei Bausteine vitaler Organisationen

by: Michaela PeischlThursday, July 13, 2023

In Zeiten von Naturkatastrophen, Cyberangriffen und anderen Krisen ist es für Unternehmen unerlässlich, sich auf diese Bedrohungen bestmöglich vorzubereiten.

Business Continuity Management (BCM) und Resilienz sind zwei wesentliche Aspekte, um Unternehmen und Organisationen vor unvorhersehbaren Ereignissen, dies kann alles von Naturkatastrophen bis hin zu Cyberangriffen, umfassen, zu schützen und im Ernstfall das Unternehmen schnell wieder handlungsfähig zu machen. Es geht dabei nicht nur darum, eine Krise zu überstehen, sondern vor allem auch gestärkt daraus hervorzugehen.

read more...