European businesses, much like their global counterparts, are caught in a delicate dance, with CISOs coping with sector-specific vulnerabilities, a regulatory maze, and geopolitical complexity. Forrester’s report, European Cybersecurity Threats, 2024, offers European security leaders some much-needed clarity.

Security Fundamentals Matter More Than Security Theater

Technology and security professionals often find themselves captivated by the allure of the exotic, shiny technology toy. While exploring new innovations and attack mechanisms might seem to keep you ahead of the curve, don’t forget that true strength lies in a solid foundation. Most cyberattacks stem from neglecting the fundamentals. Patch management, endpoint detection and response, vulnerability scanning, and asset management are the cornerstones of any robust security effort, regardless of how alluring other “a la mode” topics may be. Security pros will see the following trends this year:

  • Operational technology (OT) security needs to move from PowerPoint plans to implementation. European cyberthreats continue to evolve, with nation-state actors deploying advanced, persistent threats to infiltrate critical infrastructure, government networks, and private-sector systems. Critical sectors such as energy, telecommunications, healthcare, and defense are prime targets for cyber-espionage groups and need to level up their security, as “planning” for OT is not sufficient — you need to execute now, as threat actors have gone beyond “planning,” “roadmaps,” and “visioning sessions.” With the NIS2 Directive casting the net even further, regulators will also start asking difficult questions about OT security.
  • Implementing threat hunting and leveling up contingency planning are required in order to get ahead. Cyberattacks are inevitable, and while it is important to have extensive detection capabilities, organizations also need to plan for system failures. As threat actors innovate and find new ways to evade detection systems, security leaders need to invest in threat hunting capabilities to proactively identify embedded actors and containment capabilities to minimize impact. European security leaders should test contingency plans to respond to regulatory demands for resilience and rapid recovery, given the rocket boosters provided by NIS2.
  • Personal data theft has seen a resurgence. Incidents involving personal data theft increased in the last year within European organizations, consistent with global trends. A rise in exotic social engineering techniques such as deepfake audio means that it is only a matter of time before fine-tuned AI models designed to mimic specific individuals are applied to social engineering attacks. The data used to train these models will come from your organization if you do not secure personal data beyond compliance. Forrester provides practical guidance on how to deal with the threats introduced by emerging technology.

The report goes into the threats that European security leaders face and how they can deftly address them today while anticipating the intrigues of tomorrow. Forrester clients can book a guidance session with one of us and can read the complete report here.