New Snellen charts for new blind spots

Adversaries are no longer breaking in - they're logging in as trusted users, bypassing traditional defences and moving laterally to achieve their objectives. Should enterprises be worried? How much? Fabio Fratucello, International CTO, CrowdStrike zooms in some new areas of concern and defence.

What kind of cyberattacks will matter going ahead - e.g. ransomware, malware, polymorphic malware?

Cyberattacks are increasingly shifting away from traditional malware toward identity-based intrusions. Adversaries are using stolen credentials and social engineering to infiltrate organizations undetected. According to CrowdStrike's 2025 Global Threat Report, 79 per cent of initial access attacks are now malware-free, with valid credential abuse responsible for 35 per cent of cloud intrusions.

This trend is driven by a booming underground market for stolen credentials - with access broker advertisements surging 50 per cent year-over-year. The reality is, adversaries are no longer breaking in - they're logging in as trusted users, bypassing traditional defences and moving laterally to achieve their objectives.

What is your view on the shift from point to platform security?