our weblog

Latest updates from our blog

NIS2 - the fuel for ISO 27001

by: Michael Brunner, PhD, Friday, March 3, 2023

Cyberattacks are among the fastest-growing forms of crime worldwide. A good indicator of the current situation is the fact that, according to media reports, insuring companies against cyberattacks has become considerably more difficult. Insurers are raising the required level of security maturity. This is exactly what will lead to the currently common self-assessments being replaced by qualified audits for which mandatory evidence has to be provided.

Management is accountable

Directive (EU) 2022/2555 substantially expands the set of affected companies and their obligations. From 2024 onward, it can be assumed that in Austria approx. 3,000 companies, divided into 16 sectors, with 50 or more employees and EUR 10 million in revenue, will have to demonstrably implement cybersecurity measures. National legislation will take over the verification of compliance with the minimum standards and will subsequently hold the managing directors of operators of critical infrastructure accountable.



Cyber-Incident do’s and don’ts

by: Florian Walther and Thomas Langthaler, Wednesday, February 15, 2023

As a cyber incident response provider, we at CERTAINITY deal with ransomware and other cyberattacks that have devastating effects on the affected organization. In this blog post, we outline the most important do’s and don’ts when dealing with cyber incidents. Cyber incident response refers to the actions taken by an organization to manage and contain the impact of a cyberattack or data breach. Effective cyber incident response is crucial to minimizing the damage caused by a cyber incident and restoring normal operations as quickly as possible.



The European Cyber Resilience Act – Silver bullet to sustainably increase cyber security or deservedly dreaded regulation to hinder digital product innovation?

by: Michael Brunner, PhD, Friday, December 9, 2022

The final proposal of the European Cyber Resilience Act has been publicly available since September 2022, and so have the results of the EU's impact assessment of the planned regulation. While the overall need for the European Cyber Resilience Act or a similarly targeted regulation is beyond question, so is the fact that it will impact enterprises throughout Europe in the market of digital product development and sales.

In this article, we offer a high-level analysis of the regulation itself, provide some clarification regarding its scope and potential impact, and outline immediate remediation steps enterprises can take to address the requirements. This article will mostly focus on issues relevant for digital product developers and manufacturers.



Michael Brunner certified as SABSA Chartered Security Architect (SCF)

by: Ulrich Fleck, Tuesday, November 15, 2022

CERTAINITY offers all employees ample opportunities for professional and personal growth – during interesting customer projects and via dedicated trainings.

Michael Brunner decided to take this offer to expand his already profound security architecture knowledge and attended the SABSA foundation courses in October 2022. SABSA is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives. Thereby, it is ensured that security services are designed, delivered, and supported as an integral part of IT management infrastructure and in accordance with business needs.



ONEKEY and CERTAINITY - together for more cybersecurity

by: Michael Brunner, PhD, Monday, October 17, 2022

ONEKEY, one of the leading European specialists for automated IoT/OT security & compliance analysis, and CERTAINITY GmbH, the European cybersecurity consultant, will conduct joint research activities in the cybersecurity field in the future. The focus will be on networked, intelligent devices and industrial controls, and the results will be published on a regular basis.

Digitalization offers extraordinary opportunities for the economy and society. Nevertheless, it also creates considerable risks of espionage, manipulation and endangerment of privacy. Cyberattacks are becoming smarter; the threat in this respect has increased steadily in Europe in recent years. The research cooperation between ONEKEY and CERTAINITY will focus on the various security risks of networked, intelligent devices and industrial controls in the coming months. Their selection is carried out by ONEKEY and takes place in accordance with their Disclosure Policy.