
BSI situation report 2024: Growing cyber threats

The IT security situation in Germany remains tense - as shown by the 2024 situation report from the Federal Office for Information Security (BSI). Cyber criminals are acting increasingly professionally, critical vulnerabilities in IT systems are on the rise, and attacks such as DDoS attacks or ransomware extortion threaten companies, authorities and private individuals alike.

In this context, the introduction of appropriate technical and organisational measures (TOMs) in accordance with Art. 32 GDPR is becoming increasingly important. In addition to complying with data protection regulations, these measures also make a significant contribution to cyber security and help to effectively counter such threats.

Cybercrime as a growing threat to data protection and IT security

Cyber criminals are increasingly using sophisticated methods such as trading in stolen access data (access brokers) or targeted phishing attacks to gain access to company networks. At the same time, serious vulnerabilities in firewalls, VPNs or operating systems keep coming to light, and attackers exploit them in targeted attacks.

The protection of important data in particular is at risk if companies and organisations do not have sufficient security measures in place. Art. 32 GDPR requires data controllers to ensure ‘a level of security appropriate to the risk’ in order to prevent data loss, unauthorised access or manipulation.

How measures under Art. 32 GDPR can ward off cyberattacks

Measures that can be derived from Art. 32 GDPR are not only relevant for data protection, but also offer effective protection against cyberattacks, as the BSI situation report shows.

Encryption and pseudonymisation of personal data play a central role here, as they prevent stolen information from being directly exploitable. In addition, the introduction of multi-factor authentication (MFA) is an effective measure to make unauthorised access to accounts and systems considerably more difficult.

Another key element is patch and update management. Regular software updates close security gaps before they can be exploited by cyber criminals. This applies in particular to firewalls, VPN systems and operating systems, which are attacked particularly frequently according to the BSI report. At the same time, companies must ensure that their IT systems remain resilient even under stress. DDoS protection measures, such as the use of traffic filtering solutions and emergency plans, help to ensure the availability and resilience of the IT infrastructure - a requirement that arises directly from Art. 32 GDPR.

As ransomware attacks in particular have serious consequences for companies, a well-thought-out backup and recovery strategy is essential. Regular offline backups allow data to be restored quickly after an attack, minimising business interruptions.

In addition, clear access and authorisation concepts should be implemented to reduce the risk of attacks spreading uncontrollably within a network.

In addition to these technical measures, the human factor also plays a decisive role. Security awareness and regular employee training are key to preventing social engineering attacks such as phishing. Precisely because cyber criminals are increasingly relying on deceptively genuine fraudulent messages to obtain sensitive information, well-trained staff are an effective line of defence.

Conclusion: Data protection measures as part of the IT security strategy

The BSI Situation Report 2024 makes it clear that data protection and IT security cannot be considered separately. Measures in accordance with Art. 32 GDPR are essential to protect personal data, but they also make a significant contribution to warding off cyber threats as a whole.

Companies and public authorities that develop their technical and organisational protection measures accordingly not only protect the rights of data subjects, but also significantly reduce their own risk - both in terms of data breaches and operational failures due to cyberattacks.

The full situation report can be viewed at the following link on the BSI website:
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2024.pdf?__blob=publicationFile&v=3
