The ability to respond to the evolving cyber-threat environment is not a destination but rather a journey. There is and always will be a permanent race in cyber space between attackers and defenders. Unfortunately, at the moment attackers are one step ahead. In this race it is impossible to know and, finally, to beat the opponents without understanding their attack methods. Hence, understanding threats is a vital element towards protecting cyber assets that needs to be in the focus of information security professionals.
The ENISA Threat Landscape provides an overview of threats, together with current and emerging trends. It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 120 recent reports from security industry, networks of excellence, standardisation bodies and other independent institutes have been analysed.
The current top cyber threats have been identified. Current threat trends have been derived from the comparison of current threat information with that of the last years. Finally, a number of threat trends for emerging areas of Information Technology have been formulated. We call them emerging threats and they have been identified for the following areas: mobile computing, social technology, critical infrastructures, trust infrastructures, cloud computing and big data. The summary of the achieved results has been consolidated into a single table that has been attached to this executive summary (see Table 1).
The target group of this report are: decision makers, security professionals, risk managers but also interested individuals who would like to obtain information about threats and find references to current available material on this topic.
“Know yourself, know the enemy. A thousand battles, a thousand victories”1.
The ENISA Threat Landscape document is a contribution towards understanding the “cyber enemy”. Many steps need to follow to leverage on Sun Tzu’s wisdom. Some of those are proposed in the conclusions of this report.