--- title: "Cybersecurity Report January 2025 | Aegister" description: Cybersecurity monthly report for January 2025 covering Italy, EU, and global threats. Key incidents, trends, and security recommendations for organizations. canonical: https://www.aegister.com/en/cms/insights/cybersecurity-monthly-report-january-2025/ url: /en/cms/insights/cybersecurity-monthly-report-january-2025/ lang: en --- ![](/static/images/header-contact.webp) # Cybersecurity Monthly Report – January 2025 (Italy, EU, Global) --- ![Cybersecurity Monthly Report – January 2025 (Italy, EU, Global)](/static/images/cms/cyber-monthly-report-jan-2025.webp) ## Cybersecurity Monthly Report – January 2025 (Italy, EU, Global) January 31, 2025 [NIS2](/en/cms/keyword/nis2/) [ACN](/en/cms/keyword/acn/) [EU](/en/cms/keyword/eu/) [GRC](/en/cms/keyword/grc/) +12 January 2025 reinforces three key directions for cybersecurity in Italy and across Europe: (1) a major **regulatory** step with **DORA** becoming applicable; (2) sustained pressure on the **perimeter** (VPNs and exposed edge appliances) as a primary compromise vector; (3) the persistence of **ransomware** as a systemic risk, with operational and policy implications. This monthly report summarizes the most relevant evidence and translates it into practical actions for newsletters, blogs, and [Virtual CISO](/en/solutions/virtual-ciso/) work. ## 1) Italy: ACN/CSIRT operational signals and implications Throughout the month, **ACN/CSIRT Italy** communications continue to highlight two recurring operational drivers: high-priority vulnerability handling (with attention to real-world exploitation) and readiness for disruption and nuisance attacks (including claimed DDoS). The core message remains: protect the perimeter, accelerate patching/mitigation, improve incident response quality, and build continuous threat awareness. - **Perimeter and exposed services:** inventory and harden VPNs, portals, DNS, and internet-facing gateways with continuous monitoring and configuration checks. - **Risk-based vulnerability management:** prioritize using exploitation signals and context (not only CVSS), including IT/OT where applicable. - **DDoS readiness:** playbooks, escalation contacts, scrubbing procedures, and recovery metrics must be tested, not just documented. ## 2) EU: DORA applicable (17 January 2025) and what truly changes The **Digital Operational Resilience Act (DORA)** is applicable from **17 January 2025**, introducing consistent operational resilience requirements for banks, insurers, intermediaries, payment institutions, and other regulated entities. DORA is not a paperwork exercise: it requires **verifiable processes**, credible testing, and effective control over ICT dependencies. For financial organizations, DORA impacts: - **ICT risk management:** governance, policies, controls, and operational metrics; - **Incident reporting:** notification and handling flows with evidence and timelines; - **Testing and resilience:** periodic testing programs, tracked remediation, exercises; - **ICT third parties:** inventory, criticality, contracts, ongoing monitoring, exit strategies (including cloud and managed services). For a structured program approach, refer to [DORA compliance](/en/solutions/compliance/dora/) and [Virtual CISO](/en/solutions/virtual-ciso/) support. ## 3) NIS2: operational milestones and 2025 readiness Within the NIS2 perimeter, January 2025 sits in a practical phase focused on registration/scope definition, pushing organizations to structure contacts, roles, domains/IPs, and internal processes. At the same time, there is growing pressure to align **governance and supply chain** with directive expectations—especially for essential and highly critical sectors. If you are building or updating your roadmap, consult [NIS2](/en/solutions/compliance/nis2/) and consider integrating [Threat Intelligence](/en/solutions/threat-intelligence/) to anticipate campaigns targeting exposed assets. ## 4) Vulnerabilities and global threats that matter for Italy International attention in January 2025 strongly concentrates on vulnerabilities affecting **VPNs and exposed gateways**, including active exploitation scenarios (e.g., Ivanti). This is highly relevant for Italy because many organizations—SMEs and supply chains included—still run edge appliances with patch cycles that are not consistently timely. - **VPN/edge appliances:** preferred targets for initial access and persistence; require rapid patching, hardening, and IoC-based hunting. - **Ransomware:** persistent pressure and operational impact, with policy signals (reporting and payment restrictions) affecting governance, insurance, and incident response. - **Essential services impact:** increasing focus on continuity and safety outcomes (healthcare, infrastructure) beyond IT-only effects. ## 5) Recommended actions for January (operational checklist) - **Internet-facing inventory:** control VPNs, DNS, portals, and public assets (including subdomains and shadow IT). - **Patch & mitigation sprint:** monthly fast-track window for edge/appliances with exploitation/scanning evidence. - **Tested incident reporting:** periodic drills for notification and handling (especially for finance/DORA and NIS2 scope). - **Third-party ICT governance:** supplier inventory, criticality, minimum clauses, exit strategy, continuous monitoring. - **DDoS readiness:** validate scrubbing, WAF, rate limiting, escalation procedures, and MTTD/MTTR metrics. ## Sources and official references - [ESMA – Digital Operational Resilience Act (DORA)](https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora) - [EIOPA – DORA overview](https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en) - [Italian Official Gazette – Legislative Decree 10 March 2025, n. 23 (national alignment to DORA)](https://gazzettaufficiale.it/eli/id/2025/03/11/25G00032/sg) - [NCSC (UK) – Active exploitation alert (Ivanti)](https://www.ncsc.gov.uk/news/active-exploitation-ivanti-vulnerability) - [Ivanti – Security update (Connect Secure / Policy Secure / ZTA Gateways)](https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways) - [ECSO – NIS2 Transposition Tracker (milestones and deadlines)](https://ecs-org.eu/activities/nis2-directive-transposition-tracker/) - [ACN – Operational Summary (January 2025)](https://www.acn.gov.it/portale/w/operational-summary-gennaio-2025) - [ACN/CSIRT – Cyber Week bulletin (5 January 2025)](https://www.acn.gov.it/portale/c/portal/update_language?languageId=en_US&p_l_id=511&redirect=%2Fportale%2Fw%2Fla-settimana-cibernetica-del-5-gennaio-2025) - [ACN/CSIRT – Threat status report (January 2025 reference)](https://www.acn.gov.it/portale/w/csirt-italia-pubblica-il-rapporto-di-gennaio-sullo-stato-della-minaccia-in-italia) - [Insurance Journal – Healthcare/continuity impact reference (January 2025)](https://www.insurancejournal.com/news/international/2025/01/15/808371.htm) If you want to translate this report into a 2025 audit-ready roadmap, we can connect it to a [Virtual CISO](/en/solutions/virtual-ciso/) program and continuous [Threat Intelligence](/en/solutions/threat-intelligence/) monitoring. ## FAQ ### What is the focus of this article? The article provides an official overview of the topic and the operational context discussed in the body. ### Where can readers find official references? Official references are listed in the dedicated source section at the end of this article. ### How can organizations request follow-up details? Organizations can contact Aegister through official channels to continue the assessment or implementation path. ## Official sources - [Official reference 1](https://www.enisa.europa.eu/) - [Official reference 2](https://www.nist.gov/cyberframework) - [Official reference 3](https://www.agid.gov.it/) - [Official reference 3](https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/digital-operational-resilience-act-dora) - [Official reference 3](https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en) Share this post ## Related News [![Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)](/static/images/cms/cyber-monthly-report-jan-2026.webp)](/en/cms/insights/cybersecurity-monthly-report-january-2026/) [Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)](/en/cms/insights/cybersecurity-monthly-report-january-2026/) [Aegister’s January 2026 monthly cybersecurity report: EU cybersecurity package with Cybersecurity Act revision and NIS2 simplification amendments, DORA supervisory maturity, edge/perimeter threats, and governance priorities for boards and security teams.](/en/cms/insights/cybersecurity-monthly-report-january-2026/) [NIS2](/en/cms/keyword/nis2/) [EU](/en/cms/keyword/eu/) +15 [![Cybersecurity Update – Week 22 of 2025](/static/images/cms/weekly-cyberupdate-22-2025.webp)](/en/cms/insights/cybersecurity-update-week-22-of-2025/) [Cybersecurity Update – Week 22 of 2025](/en/cms/insights/cybersecurity-update-week-22-of-2025/) [Aegister's weekly cybersecurity update for Week 22 of 2025, covering major threats, trends, regulatory changes (NIS2, DORA), GRC topics, and international initiatives.](/en/cms/insights/cybersecurity-update-week-22-of-2025/) [NIS2](/en/cms/keyword/nis2/) [ACN](/en/cms/keyword/acn/) +13 [![NIS2 Documentary Evidence and Audit Readiness: How to Structure Compliance Proof](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-documentary-evidence-audit-readiness/) [NIS2 Documentary Evidence and Audit Readiness: How to Structure Compliance Proof](/en/cms/insights/nis2-documentary-evidence-audit-readiness/) [ACN baseline guidance requires documentary evidence as a core compliance element. Practical guide to evidence families, obligation-to-evidence mapping, version governance, and audit-readiness operating model.](/en/cms/insights/nis2-documentary-evidence-audit-readiness/) [NIS2](/en/cms/keyword/nis2/) [ACN](/en/cms/keyword/acn/) +10 ### NIS 2 Compliance with Aegister Complete solutions for NIS 2 Directive compliance: expert consulting, implementation and ongoing support. [Discover](/en/solutions/compliance/nis2/)