How to find the right information security standards?

Reports from official sources, formal studies, and numerous stories from reputable news outlets worldwide all confirm that cyber-attacks are on the rise, becoming more advanced and widespread.

In this year's World Economic Forum Global Cybersecurity Outlook report, a significant proportion of leaders (81%) stated that they feel either more exposed or equally exposed to cybercrime compared to the previous year.

Defences against cyber threats

To tackle these cybersecurity challenges, organisations need to strengthen their ability to bounce back from attacks and take steps to reduce cyber threats. The goal of any cybersecurity plan is to safeguard critical assets. Rather than trying to protect everything equally, it's essential to pinpoint what's valuable, assess vulnerabilities, and prioritise protection. This involves building layers of defence to ensure business operations can continue smoothly.

The best defences against cyber threats use both horizontal and vertical standards. Horizontal standards are broad and adaptable, while vertical standards address particular and detailed requirements.

ISO/IEC 27000 family

The ISO/IEC 27000 family of standards is crucial for safeguarding IT systems and enabling the smooth exchange of data online. It offers a robust, broad framework for comparing and adopting best practices in establishing, maintaining, and enhancing controls.

ISO/IEC 27001 is widely recognised as the leading international standard for information security management systems (ISMS) and their requirements.

EVS-EN ISO/IEC 27001:2023 "Information security, cybersecurity and privacy protection - Information security management systems - Requirements"

How can ISO/IEC 27001 benefit your organisation?

— Secure information in all forms, including paper-based, cloud-based and digital data,
— Protect the integrity, confidentiality and availability of data,
— Increase resilience to cyber-attacks,
— Respond to evolving security threats.

More than a dozen ISO/IEC 27000 standards cover further best practices in data protection and enhancing cyber resilience.

EVS-EN ISO/IEC 27000:2020 "Information technology - Security techniques - Information security management systems - Overview and vocabulary"

EVS-EN ISO/IEC 27002:2022 "Information security, cybersecurity and privacy protection - Information security controls"

EVS-ISO/IEC 27003:2021 "Information technology - Security techniques - Information security management systems - Guidance"

EVS-ISO/IEC 27005:2024 "Information security, cybersecurity and privacy protection - Guidance on managing information security risks"

These standards enable organisations of all sectors and sizes to manage the security of assets such as financial information, intellectual property, employee data and information entrusted by third parties.

How do you find the right standards?

In addition to horizontal standards, customised solutions are developed to safeguard particular domains and ensure the safety of industry and critical infrastructure assets. For instance, vertical standards address the unique security requirements of sectors such as the nuclear industry, industrial automation, healthcare, and the maritime industry, among others.

For example, IEC 62443 is a vital series of standards that establishes precise cybersecurity guidelines and specifications applicable to various industries and critical infrastructure environments. It is designed to keep operational technology (OT) systems running in the physical world.

Recognising that different organisations have unique needs, it's important to understand that one standard cannot address all requirements. IEC has developed a standards mapping tool which helps organisations identify the standards that best align with their requirements.

International standards are key tools in the fight against cybercrime as they contain extensive security measures based on best practices from experts worldwide. All of these standards can be bought from our e-shop.

Cyber security: 2018-09 (en). IEC