IT & Data Security | Jul 04, 2025

Cyber acumen

The business model of hacking requires a holistic security approach against cyber attackers.

VIENNA. The threat posed by targeted cyberattacks continues to escalate for companies, as shown by recent studies by the European Union Agency for Cybersecurity (ENISA): According to the Threat Landscape Report 2024, there has been a significant increase in cyber incidents in the EU—11,079 cases in the first half of 2024. What's more, the implementing law for the NIS2 Directive is set to come into force this year. So there is a clear need for action.

“The question is not whether an attack will come, but when – and how well prepared you are. If you only take selective action here, you run the risk of overlooking dangerous gaps,” warns Bernd Schellnast, Head of Operations and member of the management board at Sphinx IT Consulting. The company's answer to this is a holistic and practical approach to security that encompasses not only technology, but also processes and people within companies.

Instead of relying on individual measures, Sphinx relies on an integrated security model. The approach covers all levels of the IT landscape – from infrastructure to user interface. The five core areas of the Sphinx security architecture – infrastructure protection, secure applications, data security, active monitoring, and awareness training – interlock and act as a seamless protective shield for companies of all sizes.

Human firewall

That leaves humans as the weakest link in the security chain. According to ENISA, social engineering, phishing, and human misconfigurations are among the most common gateways for attacks. “A well-trained team is the best defense against cyber threats,” says Schellnast, adding that practical content in training and awareness programs is preferable to “finger-wagging” in this regard.

As for NIS2, which is often perceived as a burden, Schellnast emphasizes that it is not purely a compliance issue – it is also an impetus to finally think about IT security strategically and holistically: “This applies not only to critical infrastructure, but also to small and medium-sized enterprises – because that is where effective protection mechanisms are often lacking.”

Article at Medianet