
The Olympics: A Challenge for Cyberattacks

The French national museum network has fallen victim to a cyberattack, with criminals encrypting sensitive financial data and demanding a ransom to prevent its publication. The Grand Palais, a venue for some of the Paris Olympic Games, and a network of around 40 smaller museums were targeted in the attack. While it is unclear exactly how much the cybercriminals are demanding, it is unlikely that the ransom will be cheap. According to the Embroker Cyber Risk Index report, ransomware attacks are becoming both more expensive and more frequent. The report states that in just one year, the average ransom payment increased from $400,000 to $2 million. Embroker estimates that in 2023, the average downtime following a ransomware attack was equivalent to 17 working days.

In response to this growing threat, many organizations are implementing robust information security management systems to build resilience and mitigate the impact of these attacks. The most trusted framework for IT systems is ISO/IEC 27001, a globally recognized standard for information security management. Implementing ISO/IEC 27001 provides a systematic approach to managing information security. It helps organizations establish a culture of security and minimize risk, including from ransomware attacks.

The standard provides a comprehensive set of controls that can be tailored to an organization's specific needs and includes a risk management approach that can help organizations identify and prioritize their information security risks. ISO/IEC 27001 incorporates both technical and non-technical controls. Technical controls, such as firewalls, intrusion detection systems, and access controls, help prevent unauthorized access to networks and data. 

Statistical data shows that over 90% of breaches are a result of poor patch management. As a critical component of a comprehensive security strategy, ISO/IEC 27001 requires organizations to establish a robust patch management process to ensure that vulnerabilities associated with missing patches are identified and addressed in a timely manner.

ISO/IEC 27001 requires organizations to establish information security policies and procedures, to regularly review and improve their ISMS to adapt their defense against cyber threats, as well as to raise employee awareness through training on how to recognize and avoid fake emails and other social engineering tactics.

ISO/IEC 27001 is now part of an approved process scheme that provides independent assessment and issuance of the international IECQ certificate of conformity.

The SRPS ISO/IEC 27001:2022 standard can be purchased through the web shop on the ISS website, and ISS can educate your employees on the importance of cybersecurity or assist your organization in implementing the requirements of this standard and integrating them into your internal procedures.