DORA Articles 26 & 27: Key Requirements and How Zerberos Can Assist

Introduction: The Digital Operational Resilience Act (DORA) is an EU regulation aimed at strengthening the operational resilience of financial entities against ICT-related disruptions. Among its provisions, Articles 26 and 27 set out specific requirements around advanced testing of critical functions and the qualifications of testing teams. Article 26: Advanced Threat-Led Testing. Article 26 requires financial …

IT Security Considerations for an Employee IT Usage Agreement in Switzerland

Many organisations in Switzerland provide their employees with laptops, smartphones and access to internal networks. An IT usage agreement clarifies how these tools may be used responsibly and what obligations staff have to protect company data. Data protection and confidentiality: Employees must handle personal and customer data in accordance with the Swiss Data Protection Act …

OWASP Top 10 API Security Risks 2023 Explained

Application Programming Interfaces (APIs) power the modern web and mobile experience by letting different services talk to each other. They make everything from online shopping to bank transfers convenient. However, when APIs are designed or configured poorly, they create openings that attackers can exploit. The OWASP API Security Top 10 for 2023 highlights the most …

API Security: Guide to OWASP API Testing and Best Practices

APIs are the backbone of many modern applications and services. They link microservices, mobile apps and external partners, creating an attractive attack surface. Despite their central role, API security is still too often neglected in development projects. This is why OWASP has published a special guide on testing APIs to help organisations protect their interfaces. …

Why Attack Surfaces Keep Growing — and Nobody Notices

Cybersecurity isn’t a static goal. It’s a moving process — shaped not only by attackers, but by the way companies build and evolve their own IT environments. Every new application, every cloud account, every integration, every employee login expands a company’s attack surface. It usually happens quietly, without intention, but with significant consequences. In small …

How Penetration Testing Can Reduce IT Costs in the Long Run

IT security is often seen as a necessary expense — a cost center that doesn’t directly generate revenue. Many companies only start investing in security after something has gone wrong. But the truth is quite the opposite: strong cybersecurity doesn’t just protect your systems — it saves money. Security creates structure, clarity, and stability. And …

Why Unremarkable Pentest Results Are Often the Most Valuable

Many companies expect spectacular revelations from a penetration test. The classic image is that of a hacker gaining full access to the internal network within hours, uncovering customer data, or taking over entire systems. In reality, the results often look quite different: no exposed databases, no major breaches, no dramatic headlines. Instead, the report lists …

What Is OT Cybersecurity?

Operational Technology (OT) encompasses the hardware and software used to monitor, control, and automate industrial processes. Unlike traditional IT, which focuses primarily on data processing, OT controls physical processes and machinery in real time. These systems were traditionally isolated (“air-gapped”) but are increasingly connected to IT networks and the internet to enable efficiency and remote …

Unpatched Security Vulnerabilities: Current Threats to Swiss Businesses

In today’s digital landscape, businesses face a multitude of challenges regarding IT security. Particularly concerning are the many security vulnerabilities that often go unnoticed, despite available patches and solutions. Cybercriminals actively exploit these weaknesses to infiltrate networks, steal data, or sabotage systems. In this blog post, we will examine specific examples of vulnerabilities (including CVEs) …