To protect from cyber attacks, a company should perform risk assessment and treatment to find out what exactly the risks are, and to determine the best controls to mitigate those risks.

Here are a few examples of the most common ISO 27001 Annex A controls used to mitigate the risk of cyber attacks:
- A.5.6 Contact with special interest groups — stay in touch with people from security domain that will provide you insights into new trends on cyber attacks.
- A.5.7 Threat intelligence — collect all information about cyber attacks to get a wholistic picture of attacks.
- A.5.9 Inventory of information and other associated assets — know which information assets you have in order to be able to protect the ones that are the most sensitive.
- A.5.16 Identity management — allow only the people with trusted identities to access your systems.
- A.5.17 Authentication information — make sure 2-factor authentication is used for accessing your sensitive systems.
- A.5.26 Response to information security incidents — plan how to respond to cyber attacks to make the damage smaller.
- A.6.8 Information security event reporting — employees are instructed how to report incidents related to cyber attacks.
- A.8.2 Privileged access rights — strictly control and monitor accounts with privileged access.
- A.8.3 Information access restriction — restrict the access to sensitive information only to selected accounts.
- A.8.7 Protection against malware — update anti-malware software to prevent cyber attacks.
- A.8.8 Management of technical vulnerabilities — patch all systems to avoid any vulnerabilities.
- A.8.12 Data leakage prevention — systems should be configured to disable of transmission of sensitive data.
- A.8.13 Information backup — if a cyber attack is successful, the data can be recovered from the backup.
- A.8.20 Networks security — networks should be configured in a way to prevent cyber attack.