meshBlog

Key Learnings From “The State of IT Security in Germany 2023” Report

By Björn Thomsen23. November 2023

In our commitment to assisting enterprises with their cloud transformation, meshcloud diligently observes the dynamic IT security landscape. The recently published “The State of IT Security in Germany 2023” report from the Federal Office for Information Security (BSI) strongly aligns with our mission. Stressing the urgency of promptly establishing clarity on security features, the report resonates with our approach to empower companies in crafting a Multi-Cloud Security & Compliance Strategy.

Amidst the recent increase in cloud security issues, the report stands as a vital resource, providing essential insights and recommendations for navigating the intricacies of secure digital transformation.

10 to 60 USD per log: Identity & Access Theft

In the realm of cybersecurity, information stealers pose a significant threat. These malicious programs, distributed through emails or disguised as legitimate software, target access data on compromised systems. The stolen and compiled data (like data stored in browsers, any crypto wallets and other information about an access asset) is forming a “log”. Logs are sold on underground marketplaces for 10 to 60 US dollars per log, presenting a risk, especially if it contains access data to a company network or session cookies of a cloud application, potentially serving as a gateway for ransomware attacks.

Identity and Access Management (IAM) therefore plays a crucial part in building a solid cloud foundation. Leveraging the cloud platform’s IAM systems like AWS IAM, Azure RBAC or GCP IAM is therefore important to achieve cloud security.

Vulnerabilities & Agent Networks

AI language models present unique challenges in cloud security due to their black-box nature. The fuzziness of natural language prompt injection complicates defense, requiring the prevention of not just specific texts but all semantic equivalents. This fuzziness blurs the line between zero-day and known vulnerabilities, challenging IT security procedures.

As language models integrate into agent systems, ensuring human control becomes crucial. Security questions clash with the trend of cloud-based functionalities and expansion into agent networks. Collaborative efforts, such as criteria development by the BSI and its partners, are underway to secure AI language models and system operations.

The NIS-2-Directive

The focus on cybersecurity extends to digital service providers, including online marketplaces, search engines, and cloud computing services, especially in the context of the Russian war in Ukraine. The NIS-2-Directive now mandates registration for these providers, enhancing visibility of security incidents and facilitating direct contact with regulatory authorities. Notable developments in UP KRITIS include recommendations on critical infrastructure products, adaptation in thematic working groups, and accompaniment of legislative projects.

Cloud computing services are now classified as crucial entities, subject to obligations similar to critical infrastructure operators. Additionally, social media platforms have been incorporated as a new category within the scope of digital service providers.

What is “The State of IT Security” report about?

In this report covering June 2022 to June 2023, the Federal Office for Information Security (BSI) analyzes the IT security threat landscape, with a focus on cyber attacks against government, public institutions, businesses, and individuals. Notably, it addresses ongoing cyber threats in the context of Russia’s war on Ukraine, providing examples across sectors and suggesting ways for users to protect themselves. The report is structured into three parts:

  • Part A provides an overview of the general threat landscape, current cyber threats, and the impact of artificial intelligence on these threats.
  • Part B explores specific risks to the state, industry, and society, arising from increased attack surfaces on potential victims.
  • Part C discusses current trends in cybersecurity, illustrating key topics.
    This edition, “The State of IT Security in Germany 2023,” marks the first time the report focuses on the BSI’s work. More detailed information on digital consumer protection, automotive and healthcare cybersecurity can be found in separate reports and BSI publications. The report aims to ensure comparability with previous and upcoming reports by adjusting data collection periods.

Where to get “The State of IT Security” report?

Would you like to learn more about the State of IT security in Germany? You can download the report (PDF) for free on the BSI-website: here.

We would also be happy to provide you with personal advice on cloud security: Don’t hesitate to contact our cloud experts.