New ENISA Threat Landscape report analyses the latest cyber threats
- Published: Thursday, 31 January 2019 18:48
In 2018, the European cyber threat landscape changed significantly. The most important threat agent groups, namely cyber criminals and state-sponsored actors have further advanced their motives and tactics. This is according to the latest Threat Landscape report from the EU information security agency, ENISA.
The Threat Landscape report highlights some of the main trends relating to cyber threats in 2018, including:
- Mail and phishing messages have become the primary malware infection vector;
- Crypto-miners have become an important monetisation vector for cyber criminals;
- State-sponsored agents increasingly target banks by using attack-vectors utilised in cyber crime;
- The emergence of IoT environments will remain a concern due to missing protection mechanisms in low-end IoT devices and services. The need for generic IoT protection architectures/good practices remains a pressing issue;
- Cyber threat intelligence needs to respond to increasingly automated attacks through novel approaches to the use of automated tools and skills.
- Skills and training are the main focus of defenders. Public organizations struggle with staff retention due to strong competition with industry in attracting cyber security talents.
In the report ENISA makes the following recommendations for businesses:
- Businesses need to work towards making CTI available to stakeholders, focusing on the ones that lack technical knowledge;
- The security software industry needs to research and develop solutions using automation and knowledge engineering, helping end-users and organizations mitigating most of the low-end automated cyber threats, with minimum human intervention;
- Businesses need to take into account emerging supply chain threats and risks and bridge the gap in security knowledge among the services operated and end-users of the service.