Continuous testing and training

Before a new software version for KOSTAL inverters is released, it undergoes a comprehensive testing process. Penetration tests (PEN tests) are a central component of this process, which specifically identify security vulnerabilities in the software.

Penetration tests simulate real attacks on the software in order to assess its resistance to potential threats. Different methods are used for this:

• White-box tests: the testers have full access to the source code and system documentation to identify vulnerabilities in the architecture and programming
• Black-box tests: Here, the system is checked as if by an external attacker without internal knowledge to ensure that the user interface and interfaces are robust against unauthorised access
• Gray box tests: This method combines elements from both approaches to enable the most comprehensive security check possible

The PEN tests at KOSTAL are not only carried out internally, but also by independent, external security experts to ensure an objective assessment of the security measures. The findings from these tests flow directly into the further development of the software so that potential vulnerabilities are eliminated before the software is released.

Training courses: A continuous learning process

A key component of KOSTAL's cyber security strategy is the regular training of all employees. The rapid development of IT technologies requires knowledge that is always up to date. This is why KOSTAL organises mandatory annual IT security training courses for all employees worldwide.

These training courses cover a wide range of topics:

• The basics of IT security in everyday working life, such as dealing with phishing emails or the secure use of passwords
• Specific requirements for the use of company systems, such as security when using MS Outlook ("email trust") or cloud services
• Scenario-based exercises to recognise potential security risks at an early stage and respond to them correctly

The training courses are concluded with practical tests to ensure that every employee not only understands the content, but can also apply it in practice. In this way, cyber security becomes an integral part of the corporate culture.

Responsibility for the future

With this two-pronged approach - regular software penetration tests and systematic employee training - KOSTAL is creating a robust foundation for cyber security. This commitment emphasises the company's responsibility towards its customers, partners and society.

At KOSTAL, cyber security is more than just a technical requirement; it is a continuous, company-wide process. Thanks to these measures, customers can be sure that KOSTAL inverters are at the forefront of technology and safe from the challenges of the digital world.

KOSTAL pursues a holistic approach to cyber security that combines state-of-the-art testing procedures with targeted employee training. Through regular penetration tests and mandatory security training, the company creates a stable, future-orientated security culture.

In this way, KOSTAL ensures that its products, processes and customer data are always protected in the best possible way. Cyber security is not a one-off goal, but a continuous process - firmly anchored in the corporate strategy and part of everyday life throughout the company.