The need for an ISMS in the context of increasing cybersecurity attacks

Recently, we have already reported the reasons for setting up and implementing an information security management system (ISMS) and the role of the information security officer (ISO).
The advantages of establishing an ISMS are evident, especially for the online marketing indusrty:
An information security management system:

  1. Ensures the protection of sensitive data within the business
  2. Guarantees business continuity even in the event of security incidents
  3. Ensures compliance with regulatory requirements 
  4. Confirms the secure handling of sensitive data and information 
  5. Enhances cost-effectiveness and reduces costs  

According to the “Bericht über die Lage der IT-Sicherheit in Deutschland 2022” by the Federal Office for Information Security (BSI), the situation is more tense than ever before. 

We are faced with the challenge of a intensified cybersecurity situation due to the aggressive war on Ukraine, as cybersecurity attacks are being used in this conflict. Furthermore, the report highlights an ongoing threat from cybercrime through ransomware and DDoS attacks (Distributed Denial-of-Service), primarily targeting the information security of e-commerce shops and other web-based service providers. Cyber extortion has also increased compared to the previous reporting period, particularly affecting not only high-revenue companies but also municipalities and individuals. 

The various examples listed in the report clearly demonstrate that security is a significant success factor in an increasingly digitally interconnected society and economy. Alongside enhancing the resilience of the population, it is important to take preventive IT security measures within the company.
Establishing an information security management system (ISMS) is one of the most important measures. Information security officers (ISO) in the company, who oversees the development and implementation and later take responsible for the system, can be set up internally or hired as an external consultants. The advantage of an external appointment is the ISO’s experience from other comparable projects.