In the age of digitalization and automation, there are always new ICT trends in the world of work. At the end of the year, market researchers, consultants and other experts present their assessments of the trends.

What is an ICT trend?

An ICT trend describes a tendency in information and communication technology. This creates technical gaps, new opportunities, but also challenges. As every new or old trend has an impact on the world of work and must also react to current circumstances, changes can occur quickly.

Ongoing ICT trends

For example, the coronavirus pandemic has led to a significant increase in hybrid working and digital meetings. This change calls for new business models and technologies, but these were very limited due to supply bottlenecks.

Working from home and virtual meetings have put a lot of strain on the IT industry during the lockdown. As a result, the issue of IT security and data protection was initially a disaster with far-reaching consequences.

The shortage of skilled workers has been one of the ICT trends for many years. As a result, many companies are striving to optimize their processes and automate their activities on a large scale.

New trends

According to experts, the use of cloud infrastructures and their services is set to increase further. These are particularly attractive for companies due to the savings and flexibility they offer. In addition, hybrid cloud strategies offer a promising solution. They are a combination of a service application (SaaS) and on-premise data centers. In this way, data protection and the security of exponentially increasing data growth can be guaranteed.

There is also a democratization of technology. Knowledge and skills are becoming more accessible thanks to high-tech platforms. Process automation and open-source AI applications encourage people to contribute their views and expertise and develop solutions. Democratization thus creates basic innovations throughout the organization that provide practical and cultural support.

The IHK Examination Board of the Bremen Chamber of Industry and Commerce sets the examinations in training and further education. But what exactly is it, what tasks do the examiners have and how do you become an examiner?

IHK Examination Board

The Chamber of Industry and Commerce for Bremen and Bremerhaven is responsible for the organization, supervision and assessment of final examinations in the training and further education of the Chamber of Industry and Commerce professions. This involves not only theoretical but also practical parts of the training, which must be completed both orally and in writing.

There are examination boards for the various training courses. The members of the IHK examination board are not members of the Chamber of Industry and Commerce. However, new members are sought not only as examiners, but also as additional experts or as replacements for examiners who are leaving.

Tasks of an auditor

The tasks of an examiner are carried out together with a team of vocational school teachers, employer and employee representatives. The tasks include creating, correcting and assessing examination tasks and papers. In addition, work samples, presentations and documentation are assessed.

How do you become an examiner on the IHK Examination Board?

In order to be considered for appointment to an examination board, a number of requirements must be met. Sufficient professional expertise and a pedagogical flair are fundamental for the examiner. A certain degree of judgment and a sense of responsibility should also be present. The examiner must not be older than 65 years of age, but should have a mature personality.

The owner and managing director of Bremen-based IT service provider b.r.m., Harald Rossol, has been appointed to the examination board by the Bremen Chamber of Commerce. With his excellent experience in this industry, Mr. Rossol will serve on the examination board for IT specialists for application development until August 2024.

Many companies and organizations had significant problems not only due to the coronavirus pandemic, but also in terms of IT security. 2021 was not a good year for IT security, as it revealed significant security gaps and cyber attacks on companies rose sharply, our 2021 review:

Development of cybercrime

In 2021, there was a significant increase in cyberattacks on companies and organizations. This trend has increased significantly since 2020. According to a study by the website Check Point Research, the number of cyberattacks on organizations of all kinds increased by 40%.

The pandemic created enormous time pressure for IT service providers due to the need to make work more flexible. In addition, hacker attacks occurred much more frequently and became increasingly sophisticated. Hackers were often faster than the defenses against them. One massive problem in IT security was the so-called zero day.

Zero-day gap as a major threat

IT systems are constantly evolving and software is therefore usually quickly outdated. New patches bring the devices up to date and close old security gaps.

However, this so-called zero-day included four security flaws in Microsoft Exchange servers, which were inadvertently implemented by the developers due to faulty programming code. This gave the hacker group Hafnium the opportunity to infiltrate and scan thousands of Exchange servers. However, as it has not yet been possible to clarify whether a backdoor was installed, the consequences for the future cannot yet be determined.

What can we learn from this?

You cannot prepare for a zero day, as they can occur anywhere and undetected. However, you can comply with data protection rules in accordance with the GDPR. There are two versions of this: privacy by design and privacy by default. The latter describes settings that are data protection-friendly by default. Privacy by design describes the data protection processes that are best complied with if they have already been technically integrated during development. A double locked door, so to speak.

However, this requires a reliable IT security policy. This relies not only on progressive technology, but also on an appropriate firewall. IT security is defined by continuous updates and qualitative combating of security gaps.

Review 2021: IT security is a very dominant topic in the IT industry and is associated with a constant striving for quality. In addition to process digitization, increasing the speed of data management and developing digital products is also a challenge for future IT.

Post-growth & green IT - b.r.m. in Thega's resource efficiency event series. As part of the "Resource Efficiency Qualification", Thega from Thuringia offers further training for consultants. This is carried out with the support of the Thuringian Ministry of the Environment's State Initiative for Resource Conservation. In what is now the third block of the series, practical examples will be discussed and we are particularly pleased that Mr. Harald Rossol will be able to present b.r.m. and the award-winning green IT data center.

Qualification for resource efficiency through the Thega

SMEs can receive funding for resource efficiency measures through the Thuringian GREEN Invest funding program. The consultancy itself is also supported. Thega's series of events focuses on the continuous training of experts in the field of resource efficiency. In particular, the methods and instruments for analyzing and increasing resource efficiency in production processes are addressed. Theory and practice will be discussed over a total of 6 days. On 27.04.2022, various practical examples of resource efficiency will be presented, including b.r.m.'s green IT data center.

Energy and resource efficiency in data centers - Green IT

The environment and IT must not and should not be thought of separately. The energy costs of IT systems are still not recorded separately and therefore cannot be optimized.

The focus of new IT systems is on energy efficiency while maintaining high quality and security. We have developed a cost-effective operating concept that can save more than 60% energy - using standard market software and server components.

b.r.m. is a pioneer in green IT and helped develop the 'Blue Angel' certificate for energy-efficient data centers in collaboration with the German Federal Ministry for the Environment, Nature Conservation and Nuclear Safety and the German Federal Environment Agency. Our energy-efficient data center has been certified for quality, environment and occupational safety with its integrated management system according to 'ecostep' since 2005. In the same breath, the association blühfläche.de e.V. should also be mentioned, which is committed to the preservation and development of flowering areas and strips in northern Germany.

Post-growth leads to sustainable companies

These and other companies are synonymous with the efficient use of resources and their careful handling under the term post-growth. The fact that post-growth & green IT is also represented by b.r.m. at the Thega series of events on resource efficiency is naturally a particular pleasure for us. The basic idea behind the alternative economic model "post-growth economy" is that the economy should also function without growth. The current competition in the economy, which is all about faster, higher and further, is depleting natural resources.

As early as 1972, the Club of Rome warned of the consequences of unchecked economic growth. The path to post-growth can begin with small steps. For example, reducing output can lead to an improvement in quality. Certain products and services should be offered less, but in higher quality. 

This topic was also recently discussed in Impulse magazine, in whose article. b.r.m. is also cited as an example. Interested readers can find these articles here.

In an increasingly digital world, modern IT services are more in demand than ever, as is an attitude towards solid IT security. In addition to qualitative and rapid processing of upcoming tasks by effective service providers, the area of data and network security, or IT security for short, is still an often underestimated sub-area.

As stated by our expert partner Sonicwall in the latest annual report, cyber attacks by ransomware and encrypted threats are increasing significantly. Ransomware attacks in particular have risen by 105% compared to the previous year and by as much as 232% compared to 2019.

In addition to our data protection resources through Harald Rossol and Thorsten Brendel, we also have extensive expertise in IT security and GDPR. Together with our partners, we have the concepts to keep your security up to date.

Ransomware - money or computer?

The method of extorting a 'ransom' by blocking the computer has increased considerably in recent years. The user of a computer then only sees the attackers' 'ransom note' on the monitor. The particularly perfidious thing about this is that if the victim agrees to the demand, their computer usually remains blocked anyway. It is therefore very rare to be able to 'buy your way out'.

Ransomware no longer affects just one operating system. Whether Linux, Mac OS or Windows, all users are affected by this digital form of highway robbery. There have also long been many instructions for building ransomware, known as 'crimeware kits', on the DarkNet. Ransomware usually does not encrypt the entire computer, but rather the data that is important to the user, such as the 'My Documents' folder under Windows.

Protection against ransomware is similar to protection against other viruses or Trojans. For example, a user receives an email with the attachment of an unpaid invoice, with a threat of punishment from the Federal Criminal Police Office, or with alleged usage violations by GEMA. Anyone who opens such an attachment has then handed the blackmailers the 'house key' themselves.

You should therefore NEVER open an e-mail attachment that does not come from an absolutely trustworthy source. GEMA and the BKA still use the good old letter post. It is also important to regularly back up all relevant data on external data carriers, as this keeps it out of reach of the blackmailers. Browsers can be protected against the execution of Java commands by installing applications such as 'NoScript', and ad blockers also offer increased protection.

Firewall: Overcoming walls

A program must always open a 'port' - or at least a porthole - if its generated content is also to be visible on other monitors worldwide. As in the case of a homepage, for example. Where something can leave such a 'port' or 'harbor' into the virtual world, something can of course also enter it. This is why 'firewalls' were created to protect a computer from unwanted access from the network. These security programs make sure that only the desired guests enter the home port according to defined rules. As a rule, every access must overcome two such protective walls: the first at the provider, the second at the client on the network computer.

Privacy by design - IT security as a holistic concept

The two terms 'privacy by design' and 'privacy by default' are older than the new General Data Protection Regulation (GDPR). However, the law has given them a whole new meaning (Art. 25 GDPR).

'Privacy by design' means that the technical structure of a data processing system must be designed in such a way that data protection is automatically integrated into the system. In other words, data protection and IT security must be a system feature. This is done through the 'Technical and Organizational Measures' (TOM) when installing the computers and implementing their programs. This is the manufacturer's turn.

'As quickly as possible', 'create transparency', 'minimize', 'enable' - all phrases that have so far created little more than a wide scope for interpretation.
In short, the rule of 'privacy by design' does not allow for a standardized answer; it depends on the respective data protection requirements. However, it is clear that the possible requirements of the GDPR must be taken into account when setting up a data processing system and when selecting and implementing the technology and software used.

Interested readers can find the complete Cyber Thread Report 2022 from our partner Sonicwall here.

Certified EcoStep management system: b.r.m. has once again been certified in accordance with the EcoStep 5.1 management system for small and medium-sized enterprises. Starting in 2008, this is now the 15th and 16th year in a row that b.r.m. has been certified for its operating procedures and processes. For all management systems, the focus is on ensuring that tasks and activities are in line with the objectives and that operational processes run smoothly.

EcoStep is a practice-oriented alternative to the conventional ISO standards. Combined in one system, it uses the most important standard requirements of the following standards from an SME perspective:

• DIN EN ISO 9001:2015 Quality management
• DIN EN ISO 14001:2015 Environmental management
• DIN ISO 45001:2018 Occupational health and safety

With the help of the three aspects (quality, environmental protection and occupational health and safety), various process descriptions are possible, ranging from value creation processes to management processes. Development processes and other supporting processes are also recorded.

The EcoStep management system uncovers potential for reducing costs, implements controlling and key performance indicator systems to support management and increases legal certainty. Continuous improvement is one of the top priorities here. Not only the certification audit for the award of certification is important here, but also the continuous chain of internal adaptations and adjustment of existing processes to the new, changing circumstances of day-to-day business.

Our thanks go to the great cooperation with the certification body GUTcert. Mr. Markus Rossol from b.r.m. carried out the audit with Mr. Hauke Kreutzfeld from GUTcert.

The resulting potential for improvement is constantly being exploited and we are already looking forward to the next 2 years, after which it will once again be: certified management system according to EcoStep.

You can view our complete certificate here .

In our series "IT Review 2021", we look at the most interesting and dangerous IT security vulnerabilities of the past year, today: Zero-Day and Hafnium. 2021 was not a good year for IT security and shows once again that IT security must be seen as a continuous process. Defenses against attackers must be constantly refreshed, otherwise they will rot like an old unmanned castle wall.

The nightmare par excellence: zero-day and IT security

Software manufacturers usually act very quickly against known security vulnerabilities or have already identified the problem. A corresponding patch closes the security gap and the program can continue to be used for the time being. For this very reason, it is important to have and keep modern IT systems up to date. Continuous improvement is the key to stable and secure operation of IT systems.

However, a massive problem arises from a so-called "zero day". This term refers to the fact that the vulnerability exploited here has been known for zero days, at least to the manufacturer and the public. Therefore, there is no patch or workaround to close this gap. It was simply not known. The most sensational case of a zero-day exploit worldwide is certainly Stuxnet. Here, several zero-day vulnerabilities were used to disrupt production systems and execute unexpected commands.

Zero Day and hafnium, what happened?

At the beginning of March, a total of 4 relevant security flaws, i.e. "zero-days", were discovered on Microsoft Exchange servers. These were presumably used by the hacker group Hafnium to systematically scan and infiltrate thousands of Exchange servers. According to research, the aim was to install a "backdoor" in the systems, so it cannot be conclusively determined to what extent this vulnerability will have an impact in the future.

According to some estimates, Microsoft reacted more slowly than desired, but the exploited security gaps have been closed. Several security patches have ensured that the zero-day exploit is no longer usable.

Proper IT security means continuity

Proper, i.e. reliable IT security is a wish and promise of all those entrusted with IT systems. In addition to the standard technology, such as a firewall, there are also a number of conceptual points to consider. The magic triangle of cost, time and quality naturally also applies to this area of professional activity. With regard to the time factor in particular, it is immediately apparent that there can be no absolute state of security in a dynamic system. In the case of a zero-day exploit, the time component is distorted to such an extent that a correct (qualitative) response immediately generates high resource consumption. A good IT security policy therefore relies on continuous improvement and adaptation to a dynamic threat environment. Systems must not be operated unattended. Only taking action when something no longer works inevitably leads to disaster. Effective and efficient action is characterized by continuity. Please also read the statement by Dirk Arendt from Trend Micro.

March 20th marks the beginning of spring in the meteorological sense. Birds, bees and other insects will soon begin to roam our skies, but not only them. Drones or UAVs (unmanned aerial vehicles) have already become part of the airspace, not only as a hobby for RC enthusiasts, but also for the U-Space Service Provider b.r.m. .

The EASA has been working for some time on the cornerstones for coordinating civil drone aviation throughout the EU. To this end, the establishment of a new airspace, the so-called U-Space, is being prepared. Alongside other airspaces (such as the Gulf), U-Space is intended to enable manned and unmanned aviation to coexist.

U-Space - space for drones

A separate airspace just for drones is a difficult undertaking. After all, all aircraft have to land and take off, and any risk of collision must of course be avoided at an early stage, especially over conurbations. For this reason, the current concept of U-Space is designed to cause as little inconvenience as possible to other manned aircraft. The drones should register with a corresponding U-Space Service Provider (USSP) in the established U-Space and thus receive information on traffic information and other services that are necessary for safe operation. EASA is currently in the discovery phase in order to include transponder-free flight participants. Under the term iConspicuity, existing technologies such as ADS or Mobile are to be used to make every flight participant a conspicuity. This information can then be used to avoid a dangerous approach in advance.

What is a U-Space Service Provider?

The USSP (U-Space Service Provider) will be used at the interface between unmanned and manned space flight. It will provide various services to enable drone operators to navigate safely through U-Space. The core tasks will be the processing of "flight authorization" and "strategic de-confliction". Strategic de-confliction ensures that the submitted flight plan is checked for conflicts in the airspace.

There will of course be a service for registering the drones so that both the USSP and the authorities can access the status of the UAV. In addition to the relevant traffic information, consideration is also being given to which other services are useful for drone operators.

Outlook 2022 - What we can expect

Before the end of the first half of this year, the EASA intends to issue regulations on how the "iConspicuity" visualization of manned aircraft can be implemented in a meaningful way without introducing additional equipment or even a transponder requirement. We would then be a good deal closer to the permanent establishment of U-Space and civil drone traffic would already be within reach.

In the meantime, the UAS/UAV test center is being further expanded at the Oldenburg-Hatten airfield. Take a look at our current VTOL EGM project and visit the website of our project partner Optoprecision.

In our IT review for 2021, the security risks associated with Exchange servers - also known as "Proxyshell" - are a must. In this blog post, we describe what the ProxyShell vulnerability is all about and how companies can protect themselves against sudden security risks.

In the fall of 2021, the so-called ProxyShell vulnerability became known as a result of an enormous wave of attacks on unpatched Exchange servers (on-premise) versions 2013 to 2019. The Federal Administration's Computer Emergency Response Team (CERT-Bund for short) published an official security warning one day later. Fortunately, the vulnerability was quickly closed with a new patch released at short notice. However, it is questionable why this patch was only published after the vulnerability became known. Back in 2011, security researchers warned of a vulnerability on Exchange servers that could allegedly be hacked remotely by exploiting several security gaps. Furthermore, one should not rely on quick fixes for digital security risks - in the case of ProxyShell, almost 2000 servers were identified as vulnerable within 48 hours. Particularly risky: if your own server has been infected, even a subsequent patch would not help. In any case, the Exchange server should be checked for any attack patterns.

Exchange Server is Microsoft's e-mail and groupware server service. With an Exchange server, companies can organize their e-mail traffic and other tasks via a central interface. In contrast to the well-known email providers for private individuals, an Exchange server can be installed and used completely independently of foreign or third-party servers. Such an "in-house" solution is also interesting for companies due to the high data protection requirements that apply in Germany.

We at b.r.m. Technologie- und Managementberatung are the reliable, competent and regional IT service provider for companies in Bremen and the surrounding area. With us, you can be sure that the highest security standards are met, that your systems are always up to date and secure, and that you benefit from the advantages of energy-saving green IT. Please contact us for further information.

Windows is still the most widely used operating system in the world. Microsoft is now planning a major update in 2022 and will launch Windows 11 with many new features. Find out more about the pros and cons and the most important new features and functions of Windows 11 in this blog post.

New features in Windows 11

According to media reports, the taskbar and the widget panel have been revised. It should now be possible to make individual adjustments and install additional third-party widgets. 

The Cortana voice assistant will also only appear from Windows 11 onwards if the user expressly requests it. Until now, users have not been able to deactivate Microsoft's voice assistant. 

In addition, the Microsoft Outlook program is getting a major update - certainly one of the most popular e-mail programs. For those who prefer to use other programs, the Android apps that can be used on a Windows PC from Windows 11 onwards will be exciting. With this trick, Windows expands the number of potential applications for its users in no time at all. 

The new snap layouts, with which the screen can be divided into several areas to view several applications at a glance, ensure greater efficiency. 

Video conferences are now an essential part of our everyday lives - Windows 11 has also thought of this and offers a new button in the taskbar to quickly activate the mute function. This means you no longer have to search for the right video conference window.

Is Windows 11 worth it?

The question of whether and to what extent Windows 11 is worthwhile can only be answered after its release. Too many changes and features are only rumors so far and ultimately only real tests by independent users will show whether Windows 11 only brings advantages. In addition, users have very individual preferences when it comes to setting up and using their PCs - opinions on Windows 11 and its new functions could differ greatly. We look forward to the release of the next major update for Windows in summer 2022 and will then test and examine it in detail.

Are you looking for a competent and experienced partner for your IT? Contact us to find out more about how we can help you with your IT issues.