The state of Cybersecurity Vulnerabilities 2018-2019

The European Union Agency for Cybersecurity, ENISA, organises a joint workshop with CERT-EU, the computer emergency response team for the EU institutions, bodies and agencies, to share information on key cybersecurity activities.

CERT-EU Working Visit

ENISA's Executive Director, Juhan Lepassaar, and Head of Core Operations, Steve Purser, welcomed the Head of CERT-EU, Saâd Kadhi, to its premises in Athens. CERT-EU plays an important role in the effective and efficient response to information security incidents and in the mitigation of cyber threats against the European Union institutions, bodies and agencies.

The meeting included an overview of key ENISA and CERT-EU activities, including steps to enhance their bilateral cooperation as foreseen by the Cybersecurity Act, with presentations on the CSIRTs Network, Cyber Threat Intelligence and the EU Blueprint for rapid emergency response in case of large-scale cross-border cyber incidents or crises.

Information exchange and collaboration in joint projects are key priorities for CERT-EU and ENISA, underpinned by the Memorandum of Understanding that was signed in May 2018*.

State of Cybersecurity Vulnerabilities 2018-2019

Coinciding with the CERT-EU visit, the EU Agency for Cybersecurity published a report on the state of vulnerabilities 2018-2019. The report includes valuable contributions from CERT-EU experts as well as other renowned cybersecurity experts. Sharing information on vulnerabilities allows informed decisions to be made, remedies to be put in place and risks to be evaluated.

The ‘State of Cybersecurity Vulnerabilities’ report published today continues the work that began in 2016, when ENISA published the first-of-its-kind report covering the topic of vulnerability disclosure. Since then, the vulnerability ecosystem has matured considerably. The positive developments are associated with increased efforts to collect more accurate and consistent information about vulnerabilities, their severity, associated exploits and attacks, as well as their potential impact and complexity.

Standardisation of Collected Information

Standardisation plays a key role in the vulnerability information collection process by streamlining threat intelligence sharing and risk management. Generally, information about vulnerabilities resides in either public or private/commercial databases; it is therefore not unreasonable to assume that there are differences among them in terms of reliability, accuracy and completeness.

Objectives

The purpose of the report is to provide insight into both the opportunities and the limitations that the vulnerability ecosystem offers. Using the vulnerabilities published during 2018 and Q1-Q2 of 2019 as a vehicle, the report attempts to go beyond the standard exploratory analysis, which is well captured by industry whitepapers and reports, and instead attempts to answer questions related to the reliability and accuracy of the vulnerability sources and the widely accepted evaluation metrics.

The end goal of the report is to help the InfoSec community, public and private organisations, and vendors to take informed decisions about patching and the prioritisation of security controls and, lastly, to improve their risk assessment process.

Target audience

  • Information Security community (CSIRTs, Security Operations, other organisations with a stake in cybersecurity)
  • Public and private organisations
  • Research and Academia
  • Vendors

Background

CERT-EU and the EU Agency for Cybersecurity signed a Memorandum of Understanding (MoU) in May 2018, together with Europol and EDA, to establish a cooperation framework between their organisations. It focuses on five areas of cooperation, namely: exchange of information; education and training; cyber exercises; technical cooperation; and strategic and administrative matters.

Full report:

ENISA report - State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities.

For further queries:

Please contact press@enisa.europa.eu