Monitoring, analysing and reporting on the cybersecurity threat landscape is essential to understand what is happening in the cybersecurity ecosystem, take strategic informed decisions, conduct risk management and prioritise resources.
Cyber Threats
For more than 10 years, ENISA has been and remains at the forefront of evaluating and publishing comprehensive assessments on the European cyber threat landscape, both currently and historically. ENISA’s landmark Annual Threat Landscape report is the flagship of the Agency’s efforts on cybersecurity threat landscapes. It takes a broad view of the status of cybersecurity, and maps prime threats and relevant trends. Each of the identified threats, attack techniques, notable incidents and trends are discussed along with proposed measures in mitigation.
Using continuous analysis, ENISA derives trends and points of interest for each of the major threats presented in the Annual Threat Landscape report (ETL). The ETL is based on a variety of open-source information and cyber threat intelligence sources. It identifies major threats, trends and findings, and provides relevant high-level strategies for mitigation. ENISA is currently working on solidifying the methodology for reporting on the threat landscape to promote transparency and consistency in the work.
During the reporting period of ETL 2021, nine prime threats were identified as follows:
- Ransomware, malware, cryptojacking, e-mail related threats, threats against data, threats against availability and integrity, disinformation – misinformation, non-malicious threats, supply-chain attacks.
Moreover, ENISA conducts targeted analyses of technical threat landscapes, with Artificial Intelligence (AI) and 5G being the most recent cases. Sectorial threat landscapes that focus on threats and trends across vertical sectors, e.g. transport, supply chain, etc., are also regularly being examined by ENISA in order to identify the particularities of these sectors and support the bolstering of their cybersecurity posture.
In the process of constantly improving ENISA’s methodology for the development of threat landscapes, the Agency’s work has been supported by a specially established ENISA Ad hoc Working Group on Cybersecurity Threat Landscapes (CTL) since 2021.