06. Jul 2023

Findings, trends and recommendations for action

Global Threat Report 2023: Turning trends into active opportunities

Each year, CrowdStrike® publishes the Global Threat Report to highlight relevant cyberattacks, events and attack scenarios from the previous year. For those who do not wish to download the full report, we have summarized the key findings and some tips:

Increasing professionalization of cyberattacks

Cyber attackers continue to focus on already known vulnerabilities, and attack them repeatedly using new techniques and advanced technologies.

Approximately 71% of the attacks observed by CrowdStrike were malware-free, and the breakout time (the time it takes attackers to threaten other systems on a network from the initial attack point) averages 1 minute and 24 seconds. This shows that attackers are looking for the weakest link in the chain and are using increasingly effective methods to reach their target faster and faster. Actively fixing vulnerabilities is therefore one of the most effective protective measures for keeping attackers from moving on quickly. At the same time, the number of cloud exploit incidents, i.e. attacks in which vulnerabilities in cloud services are exploited, has risen by 95%, and cloud services are thus increasingly the focus of hackers. Conversely, this means that the skills and capacities for the secure use and integration of cloud services are becoming increasingly important.

"Cyber attacks and the actors behind them are becoming increasingly sophisticated and effective. We must be aware that the procedures and techniques will continue to become more professional in the future. This increases the risk of becoming a victim of a cyber attack ourselves.

Only through the competent use of comprehensive security systems and new technologies, coupled with the continuous development of know-how, can companies secure an important lead in terms of information and cyber security."

says Harald Erkinger, CEO of CIS.

Standstill not an option

Companies must therefore constantly deal with their "blind spots," illuminate them, and take appropriate action precisely there. In the area of management systems, we often speak of a CIP (continuous improvement process).

We have summarized some tips for you here:

  • Exposing weak points

    Whether with the help of a management system, internal scans, external penetration tests, or a fictitious attack (Red Team vs. Blue Team), get an overview of your weaknesses, because it is precisely these that potential attackers focus on. Learn from mistakes and risks and turn them into opportunities for you!

  • Keep searching / Practice, practice, practice

    Detection and defense technologies are essential today. At the same time, the best system provides little added value if the employees are not trained accordingly, both in proactive handling and for a scenario in which the emergency has already occurred.

  • Cloud security: high priority

    Corresponding standards, such as ISO 27018, promote the protection of personal data in cloud services by setting more specific requirements regarding implementation and compliance for service providers.

  • Sensitize employees to "social engineering"

    Social engineering tactics are also on the rise. These aim to exploit human characteristics such as helpfulness or trust. Even if many mechanisms are already known, careful handling of data (e.g. in social networks), of unknown senders, and of the disclosure of confidential information is essential.

Want to know more?

Acquire your know-how in areas such as information security, data protection or cyber security now – CIS as your certification body will be happy to answer any questions you may have!
