In today's digital world, the IT security of corporate data and digital business assets is of paramount importance. The new SonicWall Cyber Threat Report 2024 offers revealing insights into the current cyber security and IT security situation that every company should be aware of. As one of the leading regional IT service providers in Bremen, b.r.m. IT & Aerospace offers customized solutions to master these challenges. We specialize in IT service, IT security and green IT.
Strong growth in cyber threats
The new report from SonicWall shows an alarming growth in digital threats. Cases of malware, encrypted threats and cryptojacking attacks are on the rise. The rapid 659% increase in cryptojacking is particularly critical. These findings underline the need for a robust and professional IT security strategy for companies.
Customized IT service for companies in Bremen
At b.r.m. IT & Aerospace, we are convinced that every company has individual security needs and benefits from a customized IT service. Our experts use the latest findings and modern technologies to develop security measures tailored to your needs. This enables us to protect your company - today and tomorrow. Offensive measures are the best defense. With proactive monitoring and threat intelligence, we can identify threats before they can cause damage.
Cyber Threat Report underlines the relevance of professional IT service
The findings of the SonicWall Cyber Threat Report 2024 highlight the need for a strong IT service. As a professional company with over 30 years of experience, b.r.m. IT & Aerospace is ready to support you and your company with first-class IT service and customized security solutions. Please contact our managing director Harald Rossol to find out more about our IT service in Bremen. You can reach us by phone at +49 421 34 14 94 and by e-mail at brm@brm.de.
The path to certification in accordance with ISO/IEC 27001 "Information security, cyber security and data protection - Information security management systems - Requirements" is arduous and time-consuming. The first hurdles have already been successfully overcome and the first audit successfully completed.
The further certification steps will take place in the course of Q2-Q3/2024.
Following the successful recertification of the EcoStep 5.1 certification for our integrated management system in February of this year, we are rounding off our future activities as a USSP (U-Space Service Provider) with ISO/IEC 27001 as a whole.
Mr. Marius Ammermann will be happy to provide you with further information. You can reach us by phone at +49 421 34 14 94 and by e-mail at brm@brm.de.
b.r.m. IT & Aerospace GmbH was again awarded the prestigious EcoStep certificate on February 23, 2024, making it the first company with a management system for a U-Space Service Provider (USSP), a certification that combines the most important standard requirements of ISO standards 9001, 14001 and 45001. This is another milestone and very special moment for us and underlines our commitment to the field of unmanned aviation. This multiple certification recognizes our approach to quality, environmental protection and health and safety at work.
U-Space Service Provider (USSP)
As a U-Space Service Provider (USSP), b.r.m. IT & Aerospace will play a decisive role in the integration of unmanned aerial systems (UAS). The EcoStep certification demonstrates our commitment to the highest standards in quality, environmental management and occupational safety. Furthermore, this award confirms our daily work to develop innovative and safe solutions in the field of UAS and USSP. The management system of b.r.m. IT & Aerospace was the first to be certified for the U-Space Service Provider (USSP) sector.
EcoStep - More than just a certificate
We were awarded the EcoStep certificate for a management system that verifies internationally recognized ISO standards in the areas of quality management, environmental management and occupational health and safety. An audit was carried out by GUT Zertifizierungsgesellschaft für Managementsysteme mbH. With this award, we prove that the use of innovative technologies and responsibility and sustainability are compatible and not mutually exclusive.
UAS opportunities with b.r.m. IT & Aerospace
The opportunities for unmanned aviation are enormous. Please contact us to find out more about the possibilities of UAS, USSP and advanced air mobility. As a certified aviation company, our experts around our managing directors Mr. Harald Rossol and Mr. Markus Rossol will advise and support you in your case. You can reach us by telephone on +49 421 34 14 94 and by e-mail at brm@brm.de.
A sunny "Moin" from Niedersachsen Aviation Day! Today, Thursday, 07.09.2023, the 4th Niedersachsen Aviation Day will take place in Hildesheim. We are looking forward to exciting specialist presentations and insights into manned and unmanned aviation.
After the welcome by Stefan Schröder, Niedersachsen Aviation, and the host AutoGyro, represented by Mr. Gerald Speich, an extensive program will take place. As part of the series of lectures, our Managing Director Harald Rossol will talk about the advantages and current developments of the "Hatten-UAS" test center and its possibilities. Further highlights can be found in the program.
When it comes to energy saving and environmental friendliness, green IT seems to be the best and most proven solution for the time being. This rethink has resulted from rising energy prices and growing environmental awareness. However, even before this time, there were pioneers who were particularly concerned with the topic of energy saving and environmental friendliness.
What is the difference?
A data center emits an extreme amount of heat and often has to be cooled with air conditioning systems, for example. The electricity used for this is not only very expensive, but also unsustainable in terms of resources. In addition, the ecological footprint swells and is in turn very harmful to the environment.
In order to minimize and solve these problems, clever minds have developed the Green IT operating concept. In addition, many websites provide helpful tips for optimizing and saving resources. Bremen entrepreneur Harald Rossol was one of the first in Germany to successfully apply green IT. In addition, his company b.r.m. can save around 60% of energy costs without any loss of performance thanks to its certified data center, which also has a positive impact on customers. His hardware and software optimizations have helped him and his company to win a number of awards and a high reputation in the IT industry.
Green IT at b.r.m.
The new operating concept is standard at b.r.m. In addition to numerous other optimizations in the data center, Green IT has proven to be a successful and certified concept. The environmentally friendly and GDPR-compliant data center has been available to b.r.m. customers for years. The waste heat from the data center is used to heat and cool offices.
B.r.m. is a pioneer of green IT, which is consciously and as sustainably as possible committed to energy efficiency, the environment and the conservation of resources.
NAT and PAT technology is used to replace an Internet Protocol address (IP address) in IP data packets. But what exactly is it, how does it work and how secure is this solution?
What is NAT?
Network Address Translation (NAT) translates an IP address used in one network into a different IP address used in another network. It maps one public IP address onto several private IP addresses. Each outgoing connection is recorded with its IP address and port number. The NAT device can then use that port number to assign incoming data to the correct local station. However, this assignment is only valid for a short time.
A distinction is also made between source NAT (SNAT) and destination NAT (DNAT). With a SNAT, the source address is exchanged, which is typical for private Internet access. However, a destination NAT (DNAT) is used to change the destination of an IP packet. The DNAT is usually used to change a public IP of an Internet connection to a private IP address of a server in the private subnet. SNAT and DNAT can be used individually or together for an IP packet.
What is PAT?
Port address translation enables several devices in a local area network (LAN) to be mapped to a single public IP address. This technology is therefore an extension of NAT. In this way, many IP addresses are saved. PATs are used in most home networks.
How safe is this technology?
In terms of IT security, there are few security concerns with NAT. Because the end devices sit in a private network behind a router, hidden from the public Internet, the systems cannot be reached directly from the Internet. A connection to the Internet only comes about when the end devices themselves establish it. Although this technology cannot replace a fully-fledged firewall or packet filter, the protection is comparable to a rudimentary firewall.
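The translation table described under "What is NAT?" and "What is PAT?", and the reason unsolicited inbound packets never reach a private host, can be seen in a small model. This is an added example, not code from b.r.m. or any router vendor; the class name, the addresses (documentation ranges), the 60-second timeout and the check of the remote peer are assumptions, and only the SNAT/PAT direction is modelled, not DNAT.

```python
import itertools


class PatRouter:
    """Toy PAT table: many private hosts share one public IP, with idle timeout."""

    def __init__(self, public_ip, timeout=60.0, first_port=40000):
        self.public_ip = public_ip
        self.timeout = timeout                    # assumed idle lifetime in seconds
        self._ports = itertools.count(first_port)
        self._out = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._in = {}   # public port -> [priv_ip, priv_port, dst_ip, dst_port, last_seen]

    def _expire(self, now):
        # The mapping is "only valid for a short time": drop idle entries.
        for port, entry in list(self._in.items()):
            if now - entry[4] > self.timeout:
                del self._out[tuple(entry[:4])]
                del self._in[port]

    def outbound(self, priv_ip, priv_port, dst_ip, dst_port, now):
        """Source NAT: rewrite the private source to (public_ip, allocated port)."""
        self._expire(now)
        key = (priv_ip, priv_port, dst_ip, dst_port)
        port = self._out.get(key)
        if port is None:
            port = next(self._ports)
            self._out[key] = port
            self._in[port] = [*key, now]
        else:
            self._in[port][4] = now
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port, now):
        """Return the private (ip, port) for a reply, or None if the packet is dropped."""
        self._expire(now)
        entry = self._in.get(public_port)
        # No mapping, or a sender other than the contacted peer: nothing to forward to.
        if entry is None or (entry[2], entry[3]) != (src_ip, src_port):
            return None
        entry[4] = now
        return (entry[0], entry[1])


def demo():
    # Constructed sample traffic: two LAN hosts using the same source port.
    r = PatRouter("203.0.113.10")
    a = r.outbound("192.168.1.20", 51000, "198.51.100.7", 443, now=0)
    b = r.outbound("192.168.1.21", 51000, "198.51.100.7", 443, now=1)
    return {
        "a": a,
        "b": b,
        "reply_a": r.inbound("198.51.100.7", 443, a[1], now=2),
        "unsolicited": r.inbound("192.0.2.99", 4444, 40005, now=3),
        "wrong_peer": r.inbound("192.0.2.99", 443, a[1], now=4),
        "expired": r.inbound("198.51.100.7", 443, b[1], now=120),
    }
```

The model drops anything without a live mapping, which is the "rudimentary firewall" effect; it applies no rule to traffic the inside hosts initiate, which is why NAT does not replace a packet filter.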
If you have any questions about more detailed information on these techniques, the b.r.m. staff will be happy to help. You can also read more on this website.
Compliance with the DSGVO and GDPR is more important than ever in the age of the internet. They are the basic rules of data protection and data security. They also form the basis of transparent handling, which is intended to limit the misuse of data.
What is the GDPR?
The General Data Protection Regulation (GDPR) originates from the European Union and provides rules for the processing of personal data. The regulation must be applied if data is stored or is to be stored in a file system during processing.
These apply throughout the EU in both the private and public sectors. This means that every company that processes personal data must comply with the GDPR. This also applies to natural and legal persons, as well as to companies working on behalf of a third party.
What does GDPR stand for?
The General Data Protection Regulation (GDPR) forms the new legal framework of the European Union. The regulation defines exactly how personal data may be collected and processed.
Since May 2018, these regulations have applied to all organizations based in the EU that process personal data. It also applies to all organizations worldwide that process the data of EU citizens.
DSGVO and GDPR at b.r.m.
The Bremen-based IT service provider b.r.m. is known for its GDPR-compliant data center. In addition, b.r.m. has strengthened its security through several parameters. From technical and organizational measures (TOM) to security analyses and risk assessments, business ressource management is ideally positioned.
In addition, Harald Rossol and Thorsten Brendel from b.r.m. are engaged as company data protection officers. They are experts in data protection and will be happy to answer any questions you may have.
Many companies and organizations had significant problems not only due to the coronavirus pandemic, but also in terms of IT security. 2021 was not a good year for IT security, as it revealed significant security gaps and cyber attacks on companies rose sharply. Our 2021 review:
Development of cybercrime
In 2021, there was a significant increase in cyberattacks on companies and organizations. This trend has increased significantly since 2020. According to a study by the website Check Point Research, the number of cyberattacks on organizations of all kinds increased by 40%.
The pandemic created enormous time pressure for IT service providers due to the need to make work more flexible. In addition, hacker attacks occurred much more frequently and became increasingly sophisticated. Hackers were often faster than the defenses against them. One massive problem in IT security was the so-called zero day.
Zero-day gap as a major threat
IT systems are constantly evolving and software is therefore usually quickly outdated. New patches bring the devices up to date and close old security gaps.
The zero-day in this case comprised four security flaws in Microsoft Exchange servers, which were inadvertently introduced by the developers through faulty programming code. This gave the hacker group Hafnium the opportunity to infiltrate and scan thousands of Exchange servers. However, as it has not yet been possible to clarify whether a backdoor was installed, the consequences for the future cannot yet be determined.
What can we learn from this?
You cannot prepare for a zero day, as they can occur anywhere and undetected. However, you can comply with data protection rules in accordance with the GDPR. There are two versions of this: privacy by design and privacy by default. The latter describes settings that are data protection-friendly by default. Privacy by design describes the data protection processes that are best complied with if they have already been technically integrated during development. A double locked door, so to speak.
However, this requires a reliable IT security policy. This relies not only on progressive technology, but also on an appropriate firewall. IT security is defined by continuous updates and qualitative combating of security gaps.
Review 2021: IT security is a very dominant topic in the IT industry and is associated with a constant striving for quality. In addition to process digitization, increasing the speed of data management and developing digital products is also a challenge for future IT.
In an increasingly digital world, modern IT services are more in demand than ever, as is an attitude towards solid IT security. In addition to qualitative and rapid processing of upcoming tasks by effective service providers, the area of data and network security, or IT security for short, is still an often underestimated sub-area.
As stated by our expert partner Sonicwall in the latest annual report, cyber attacks by ransomware and encrypted threats are increasing significantly. Ransomware attacks in particular have risen by 105% compared to the previous year and by as much as 232% compared to 2019.
In addition to our data protection resources through Harald Rossol and Thorsten Brendel, we also have extensive expertise in IT security and GDPR. Together with our partners, we have the concepts to keep your security up to date.
Ransomware - money or computer?
The method of extorting a 'ransom' by blocking the computer has increased considerably in recent years. The user of a computer then only sees the attackers' 'ransom note' on the monitor. The particularly perfidious thing about this is that if the victim agrees to the demand, their computer usually remains blocked anyway. It is therefore very rare to be able to 'buy your way out'.
Ransomware no longer affects just one operating system. Whether Linux, Mac OS or Windows, all users are affected by this digital form of highway robbery. There have also long been many instructions for building ransomware, known as 'crimeware kits', on the DarkNet. Ransomware usually does not encrypt the entire computer, but rather the data that is important to the user, such as the 'My Documents' folder under Windows.
Protection against ransomware is similar to protection against other viruses or Trojans. For example, a user receives an email with the attachment of an unpaid invoice, with a threat of punishment from the Federal Criminal Police Office, or with alleged usage violations by GEMA. Anyone who opens such an attachment has then handed the blackmailers the 'house key' themselves.
You should therefore NEVER open an e-mail attachment that does not come from an absolutely trustworthy source. GEMA and the BKA still use the good old letter post. It is also important to regularly back up all relevant data on external data carriers, as this keeps it out of reach of the blackmailers. Browsers can be protected against the execution of Java commands by installing applications such as 'NoScript', and ad blockers also offer increased protection.
Firewall: Overcoming walls
A program must always open a 'port' - or at least a porthole - if its generated content is also to be visible on other monitors worldwide. As in the case of a homepage, for example. Where something can leave such a 'port' or 'harbor' into the virtual world, something can of course also enter it. This is why 'firewalls' were created to protect a computer from unwanted access from the network. These security programs make sure that only the desired guests enter the home port according to defined rules. As a rule, every access must overcome two such protective walls: the first at the provider, the second at the client on the network computer.
Privacy by design - IT security as a holistic concept
The two terms 'privacy by design' and 'privacy by default' are older than the new General Data Protection Regulation (GDPR). However, the law has given them a whole new meaning (Art. 25 GDPR).
'Privacy by design' means that the technical structure of a data processing system must be designed in such a way that data protection is automatically integrated into the system. In other words, data protection and IT security must be a system feature. This is done through the 'Technical and Organizational Measures' (TOM) when installing the computers and implementing their programs. This is the manufacturer's turn.
'As quickly as possible', 'create transparency', 'minimize', 'enable' - all phrases that have so far created little more than a wide scope for interpretation. In short, the rule of 'privacy by design' does not allow for a standardized answer; it depends on the respective data protection requirements. However, it is clear that the possible requirements of the GDPR must be taken into account when setting up a data processing system and when selecting and implementing the technology and software used.
Interested readers can find the complete Cyber Threat Report 2022 from our partner Sonicwall here.
Certificate Management System EcoStep 5.1 IT-Service Bremen b.r.m.
Certified EcoStep management system: b.r.m. has once again been certified in accordance with the EcoStep 5.1 management system for small and medium-sized enterprises. Starting in 2008, this is now the 15th and 16th year in a row that b.r.m. has been certified for its operating procedures and processes. For all management systems, the focus is on ensuring that tasks and activities are in line with the objectives and that operational processes run smoothly.
EcoStep is a practice-oriented alternative to the conventional ISO standards. Combined in one system, it uses the most important standard requirements of the following standards from an SME perspective:
DIN EN ISO 9001:2015 Quality management
DIN EN ISO 14001:2015 Environmental management
DIN ISO 45001:2018 Occupational health and safety
With the help of the three aspects (quality, environmental protection and occupational health and safety), various process descriptions are possible, ranging from value creation processes to management processes. Development processes and other supporting processes are also recorded.
The EcoStep management system uncovers potential for reducing costs, implements controlling and key performance indicator systems to support management and increases legal certainty. Continuous improvement is one of the top priorities here. Not only the certification audit for the award of certification is important here, but also the continuous chain of internal adaptations and adjustment of existing processes to the new, changing circumstances of day-to-day business.
Our thanks go to the great cooperation with the certification body GUTcert. Mr. Markus Rossol from b.r.m. carried out the audit with Mr. Hauke Kreutzfeld from GUTcert.
The resulting potential for improvement is constantly being exploited and we are already looking forward to the next 2 years, after which it will once again be: certified management system according to EcoStep.