Many organizations misjudge their risk under NIS-2. Not because they are uninformed, but because they focus only on formal thresholds: sector, size, legal definitions. In reality, exposure arises in three ways – and two of them work without a formal notification. Those who ignore this will, in a crisis, lack evidence, ...
CCNet
Feb 23, 2026 • 3 min read
What It’s Really About The discussion around NIS-2 often revolves around detailed regulations and interpretative questions. Understandable – but dangerous. Because the core has long been clear: Companies of essential importance to the economy and society must demonstrably professionalize their IT security and governance. Those who choose to “wait and ...
CCNet
Feb 20, 2026 • 4 min read
What It's Really About Anyone still believing that a password plus "something with push" is sufficient hasn't understood the reality of attacks. Attackers don't just steal passwords anymore; they hijack sessions, exploit weak devices, bypass SMS codes, and use so-called Adversary-in-the-Middle chains to hijack logins in real-time. MFA is therefore ...
CCNet
Feb 18, 2026 • 3 min read
Management Summary Honest assessment: In many environments, machine identities are more dangerous than user accounts. Service accounts with standing privileges, hard-coded secrets, eternal tokens, and missing telemetry are perfect entry points – invisible, convenient, often declared “technically necessary.” Anyone serious about Zero Trust must not only verify humans, but workloads, services, ...
CCNet
Feb 16, 2026 • 3 min read
Management Summary The era of network perimeters is over. Attacks start via email, browsers, remote access, identities, and services that never see your LAN. Those who still romanticize packet filters lose in speed and visibility. The way forward is unglamorous: Zero Trust as an operating principle („verify instead of trust“ ...
CCNet
Feb 13, 2026 • 3 min read