In today's online world, every organisation is digital by default, using online technologies and processes and moving to new principles of labour organisation. Moreover, in the connected and convergent world delivered by the Internet of Things (IoT), the digital landscape is vast, with every asset owned or used by the organisation representing another node in the network. It has never been more difficult for organisations to map the digital environment in which they operate.
Cyber attackers roam freely in this environment. They may attack large and small organisations in both the public and private sectors. Such attacks may be either indiscriminate or highly targeted. Cyber attackers are well camouflaged: exposing the attackers requires cybersecurity defenses that identify the threat, even when it adopts the colors of its immediate environment.
Against this backdrop, organizations must consider their resilience in the context of different categories of threat:
Common attacks: These are attacks which can be carried out by unsophisticated attackers, exploiting known vulnerabilities using freely available hacking tools, with little expertise required to be successful.
Advanced attacks: Advanced attacks are typically carried out by sophisticated attackers, exploiting complex and sometimes unknown ("zero-day") vulnerabilities using sophisticated tools and methodologies.
Emerging attacks: These attacks focus on new attack vectors and vulnerabilities enabled by emerging technologies, typically carried out by more sophisticated attackers performing their own research to identify and exploit vulnerabilities.
The results of the research show that companies still focus on cybersecurity issues and are achieving significant progress in solving problems related to the detection and elimination of weaknesses in their protection systems, but the variety and complexity of threats are of greater concern to organisations than ever before.