ENISA’s Threat Landscape 2014 (ETL 2014) published today is the third yearly report in sequence, consolidating and analysing the top cyber threats and the evolution, encountered in 2014. ENISA Threat Landscape 2014, an activity contributing towards achieving the objectives formulated in the Cyber Security Strategy for the EU, stresses the importance of threat analysis and the identification of emerging trends in cyber security.
Novelties of the 2014 ETL include:
- information on attack vectors, giving initial information on the “how” of a cyber- attack
- the elaboration of use-cases of threat intelligence, showing how threat analysis can be used in phases of security management, and
- the involvement of stakeholders, consisting of 13 experts from CERTs, vendors, Member States and users.
In 2014, major changes were observed in top threats: an increased complexity of attacks, successful attacks on vital security functions of the internet, but also successful internationally coordinated operations of law enforcement and security vendors. Many of the changes in cyber threats can be attributed exactly to this coordination and the mobilisation of the cyber community. However, the evidence indicates that the future cyber threat landscapes will maintain high dynamics.
2014 can be characterised as the year of data breach. The massive data breaches identified massive attacks to main security functions of the Internet, demonstrating how effectively cyber threat agents abuse security weaknesses of businesses and governments. Main lessons learnt of the ETL highlight that “sloppiness” with regards to cyber security - is the number one reason for breaches accounting for 50% of the cases. Additionally, a positive development is reflected in the increase of both the quality and the quantity of the collected information, resulting in better threat assessment and more detailed material for end-users.
In the ETL 2014, details of these developments are consolidated by means of top cyber threats and emerging threat trends in various technological and application areas with references to over 400 relevant sources on threats, to help decision makers, security experts and interested individuals navigate through the cyber threat landscape.
The Emerging Technology that will impact the Threat landscape are: Cyber Physical Systems (CPS), Mobile and Cloud computing, Trust Infrastructure, Big Data, and Internet of Things. CPS - has an important impact within the protection of Critical Infrastructure Protection - represents a distinct opportunity creating competitive advantages for European industry and research.
Udo Helmbrecht, ENISA’s Executive Director, commented on the project: “Identifying and understanding cyber threat dynamics evolves to a very important cyber security tool. The dynamics of the cyber threat landscape set the parameters for flexible, yet effective security protection regimes that are adapted to the real exposure. Understanding the dependencies among all components of the threat landscape is an important piece of knowledge and an enabler towards active and agile security management practices. With ETL 2014, ENISA continues its contribution to publicly available cyber threat knowledge.”
This year, ENISA has developed two thematic threat landscapes: one in the area of Internet Infrastructures and one for Smart Home Environments, to be published the following month. Individual, thematic Threat Landscapes provide guidance for the development of protection measures to minimize threat exposure of valuable assets in various sectors.
For full report: ENISA Threat Landscape 2014
For interviews: Dr Louis Marinos, Expert in Network and Information Security, ENISA Email: louis.marinos@enisa.europa.eu, Phone: (+30) 2814 409 682