Threat Analysis Confirms HITRUST e1, i1, and r2 Controls Mitigate the Most Prevalent Attack Techniques in 2025
FRISCO, Texas, July 31, 2025 /CNW/ -- HITRUST, the leader in cybersecurity assurance, today released its Cyber Threat Adaptive (CTA) Update covering the first half of 2025. The analysis validates that the HITRUST CSF® e1, i1, and r2 assessment requirements once again cover 100% of the real-world techniques adversaries used most often from January 1 – June 30, 2025, with no control gaps identified against the five dominant MITRE ATT&CK® techniques.
HITRUST's Cyber Threat Adaptive (CTA) program systematically analyzes real-world threat intelligence, breach data, and adversary behavior to ensure that control requirements in the HITRUST CSF remain effective against actual cyber threats.
Key findings from the H1 2025 CTA analysis
- 220,000+ threat indicators compiled from 4,100+ threat-intel articles were mapped to ≈41,000 MITRE ATT&CK technique/mitigation pairs—providing the most complete view yet of attacker behavior in 2025.
- The e1, i1, and r2 control selections covered 100% of the top five techniques observed—Phishing (T1566), Drive-by Compromise (T1189), Exploit Public-Facing Application (T1190), Exploitation of Remote Services (T1210), and Event-Triggered Execution (T1546).
- 435 publicly reported breaches were analyzed; phishing remained the lead initial-access vector, typically resulting in data exfiltration or ransomware deployment.
- Recommended priority actions include advanced phishing awareness training, timely anti-malware updates, disciplined vulnerability remediation, and comprehensive network/endpoint monitoring.
"Attackers don't wait for annual framework updates, so neither can defenders. Our semiannual analysis shows that HITRUST-certified organizations remain a step ahead because their controls evolve at the speed of the threat landscape," said Andrew Russell, Vice President of Standards, at HITRUST. "By mapping more than 220,000 fresh indicators to MITRE ATT&CK, we verified that every high-frequency technique in H1 2025 is mitigated by our e1, i1, and r2 requirements—often by multiple overlapping controls that deliver true defense-in-depth."
Why it matters
HITRUST's CTA program continuously stress-tests CSF controls against live threat intelligence—ensuring organizations that certify to the e1, i1, or r2 are protected by relevant, reliable, and proven safeguards rather than static "checkbox" frameworks. It also eliminates the need for relying parties to augment a HITRUST assurance report with a questionnaire to ensure it covers relevant and emerging cyber threats, as is needed with other assurance reports. This approach underpins HITRUST's commitment to:
- Relevant Controls – continuously evaluated to ensure effective mitigations against known and emerging cyber threats
- Reliable Assurance – validated by consistent, rigorous assessment standards
- Proven Risk Mitigation – fewer than 1% of HITRUST-certified environments reported breaches in the past two years
Download the full report
A detailed breakdown of technique-to-control mappings, breach case studies, and actionable mitigation guidance is available in the H1 2025 Cyber Threat Adaptive Analysis.
About HITRUST
HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 60 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.
For media inquiries, please contact:
Leslie Kesselring
Kesselring Communications for HITRUST
[email protected]
503-358-1012
SOURCE HITRUST Services Corp.
