Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

ENISA Issues Threat Report on Threat Reports

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, on Tuesday released a threat landscape report that provides an overview of current threats, threat agents and threat trends.

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, on Tuesday released a threat landscape report that provides an overview of current threats, threat agents and threat trends.

Targeted toward decision makers, security professionals, risk managers and others interested in information on threats, ENISA compiled the report after analyzing more than 140 recent publicly available reports and data from security vendors, networks, standardization bodies and other independent institutes.

ENISA CERT

“The ENISA Threat Landscape document is a contribution towards understanding the ‘cyber enemy’,” ENISA explained, noting that many steps must be followed to leverage Sun Tzu’s wisdom: “Know yourself, know the enemy. A thousand battles, a thousand victories”.

Some of the proposed steps by ENISA to help understand the cyber enemy include:

• Collect and develop better evidence about attack vectors

• Collect and develop better evidence about impact achieved by adversaries

• Collect and maintain more qualitative information about threat agents

• Use a common terminology within threat reports

Advertisement. Scroll to continue reading.

• Include the user perspective

• Develop use cases for threat landscapes

• Collect security intelligence that cover incidents in an end-to-end manner

• Perform a shift in security controls to accommodate emerging threat trends.

Emerging threats identified by ENISA include mobile computing, social media, critical infrastructure, trust infrastructures, cloud computing and big data.

After analyzing the many various reports and data sources, ENISA came to the conclusion that it is important for organizations to:

• Collect and develop better evidence about attack vectors

• Collect and develop better evidence about impact achieved by adversaries.

• Collect and maintain more qualitative information about threat agents

• Use a common terminology – It is considered as an important activity to develop a common vocabulary in threat management, e.g. to be used by standardization bodies, international organizations, governments and NGOs.(Related Reading: Why Being Vague is the Enemy of Security)

• Include the user perspective – The perspective of end-user is still absent from available information. Eventually, the end-user perspective could contain the impact of threats to end-users, but also provide guidance for development of threat awareness.

• Develop use cases for threat landscapes

• Collect security intelligence

• Perform a shift in security controls

“I am proud that the Agency undertakes this important work to better understand the composition of the current cyber threats,” said ENISA Executive Director Udo Helmbrecht in a statement. “This is the first and most comprehensive Cyber Threat Analysis available to date and a point of reference for all cyber security policy makers, and stakeholders”

Written by Louis Marinos and Andreas Sfakianakis of the ENISA, the full 96-page report is available here in PDF format.

Related Reading: Identifying the Threat and Understanding the Terrain in Cyberspace

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...