ENISA ANNUAL REPORT – MAJOR UPDATE ON CYBER THREATS


ENISA is the European Union Agency for Network and Information Security. The agency's latest annual report has recently been published.

Important developments across the full landscape of cyber threats are reported in depth. At the same time major cybersecurity advances achieved during the year are detailed.

The entire report is available from ENISA. In this Cyberblog we have identified key topics which are likely to be of most interest and relevance for our clients.

Trends

  • Phishing is on the increase. State-sponsored actions reveal a movement away from complex malware and infrastructure targets and toward social engineering attacks. The effect of this trend is that phishing via mail and other messaging services is becoming the prime vector for cyberattacks. Our advice: Ensure that your company or organization continues to implement and maintain enhanced awareness of cyber threats among all personnel at every level.
  • Intelligence reports on cybersecurity tend to be very technical. This is unavoidable but it can be a problem as you try to raise the level of cybersecurity awareness among your colleagues – not least at executive level. The best results are usually achieved by building knowledge of cybersecurity, starting with the lowest-hanging fruit. Our advice: Focus your awareness-building on those who have the least technical competence.
  • Cryptominers have become a rich source of income in cybercrime.
  • Automated attacks on cybersecurity targets are on the increase. The best defence is automated tools – in combination with cybersecurity expertise. Is your organization in the public sector? If the answer is yes then you will likely need to work even harder to develop competence in this area since the private sector recruits a large part of the best qualified personnel. You'll find more advice on how to maintain a continuous check on your organisation's vulnerability here.

Conclusions

  • All organizations must ramp up training and information programs to ensure that Cyber Threat Intelligence (CTI) is available to a wider range of stakeholders. Every sector must also focus on raising the minimum level of cybersecurity awareness among all personnel. Meanwhile, the software industry needs to dedicate more resources to the development of solutions which use automation and knowledge to help end-users and organizations mitigate the bulk of the simplest automated cyber threats, while requiring minimal human intervention.
  • More resources must be devoted by all organizations to counter the increase in threats and risks relating to their supply chains. The technology sector needs to make qualitative improvements focussed on production processes. It also needs to implement blanket security assessments and, to a greater extent than today, make use of certification systems.
  • Finally, companies and organizations need to bridge the security gap between the services in use and the end-user. Cyber Threat Intelligence (CTI) is a major step forward in achieving this goal.