Global Threat Report 2024: Current threat situation

Security culture more important than ever

The trend in threats is moving away from malware and towards people. Interactive attacks increased by 60% in 2023, with 75% of attacks now taking place without malware. Criminals are now more likely to use methods such as phishing, social engineering or password spraying. This emphasises the fact that cybersecurity starts with the individual employee. Accordingly, it is highly relevant for companies and organisations to train their employees in the area of information security, for example by training them to become information security managers in accordance with ISO 27001. Targeted training can help you prevent potential cybercrime attacks, strengthen your organisation’s security and send a strong signal of trust to potential and existing customers!

Cloud at risk

While cloud use is also becoming increasingly attractive for organisations, the associated risks are also increasing massively. In the last year, the frequency of cloud attacks has risen by 75%, a warning for all companies that operate in the cloud themselves. In this area too, it is now essential to ensure additional security, for example by implementing ISO 27017. ISO 27017 is an extension of ISO 27001 and contains specific security measures for cloud service providers and cloud service customers. If your organisation operates in the cloud or plans to do so in the future, ISO 27017 certification is the right step towards security and customer trust!

Quick response needed

Another worrying development is the further reduction in the average eCrime breakout time (the time it takes an attacker to get from one infected device to the next within an organisation). While this was 84 minutes in 2022, attackers only needed an average of 62 minutes in 2023. This shows that an appropriate initial response to an attack within a short period of time is highly relevant.

The implementation of management systems offers a clear advantage here: trained employees, for example in accordance with ISO 27001, can detect cyberattacks more quickly and have more expertise in the initial response. Above all, implementing a business continuity management system can protect organisations from greater damage, as it defines clear steps and responsibilities in the event of a cyberattack and prevents possible operational failures.

We are at your side

Do you want to protect your organisation, business partners and customers from increasingly frequent cyberattacks? Acquire expertise in areas such as information security, cloud computing or business continuity management – CIS – Certification & Information Security Services GmbH is at your disposal as an accredited certification body!