
Markus Vervier
CEO of Nemesis Breach and Attack Simulation
With more and more companies and government agencies facing cyberattacks, cybersecurity strategies must evolve to provide the best protection possible.
Nemesis BAS was founded in 2022, led by a team that came together to apply their knowledge and improve security with a more systematic and continuous approach. “As a consultant for many companies, I’ve often noticed that when I revisit a company a few months later, some problems have not been fully resolved due to a lack of continuous monitoring,” explains Markus Vervier, CEO of Nemesis.
This is not necessarily the fault of the companies involved: “They often do their best to defend their operations, and large companies have the resources to deploy large-scale measures. But that’s not always the case for smaller organizations that don’t have the resources to hire a full-time expert”.
Outwitting the Cyber Pirates
Hence the Nemesis Breach and Attack Simulation (BAS) mission to develop alternative solutions: “We do not aim to replace humans, but to fill the gap left by the absence of an expert. With our continuous, automated security testing and proactive breach simulations, we offer the best possible protection against cyber threats”.
“Cyber pirates use the same methods as burglars: first they observe the perimeter of your facility and equip themselves with the right tools to disable alarms and break into your data systems. Our job is to outsmart their plans by understanding their methods,” explains Mr. Vervier.
Specifically, Nemesis BAS allows companies to simulate real cyber threats in a controlled environment. This allows a company to test its existing defenses and identify potential gaps.
Fully Compliant with DORA
Meanwhile, the European Union has developed the Digital Operational Resilience Act (DORA), which creates a regulatory framework for digital operational resilience. It requires financial sector companies to ensure that they can withstand all types of disruptions and cybersecurity-related threats. The regulation will apply to all EU member states from January 17, 2025.
“As cybersecurity experts, we are delighted that DORA is finally the first regulation with practical implications and real-world testing,” says Markus Vervier. “With this in mind, we help companies comply with DORA by combining compliance reporting and document management with technical security control testing.”
Greater Coherence
The Nemesis BAS business model is based on an annual subscription license offered at very competitive prices. Nemesis guides organizations step-by-step through their compliance journey and provides a solution for the technical testing requirements mandated by DORA. By centralizing all compliance-related documentation, Nemesis provides a unique and organized reference for documentation, security management policies, reports and DORA assessment files.
Nemesis BAS solutions provide integrated mapping to ISO 27001, the internationally recognized standard for information security and management. The same is true for the European NIS2 directive, which aims to strengthen the resilience of critical facilities against cyberattacks. “The benefit is real in terms of reducing the time and resources required to manage compliance, as teams can streamline their efforts across similar standards. In addition, automated, audit-ready reports save time and ensure consistency, giving teams confidence that they can easily meet audit requirements and focus more on addressing potential resilience gaps rather than manual reporting,” concludes Vervier.