The EU’s cyber security Agency ENISA has issued its annual Threat Landscape 2013 report, where over 200 publicly available reports and articles have been analysed.
Questions addressed are:
- What are the top cyber-threats of 2013?
- Who are the adversaries?
- What are the important cyber-threat trends in the digital ecosystem?
Among the key findings is that cyber threats have gone mobile, and that adoption of simple security measures by end-users would reduce the number of cyber incidents worldwide by 50%.
The ENISA Threat Landscape presents the top current cyber threats of 2013 and identifies emerging trends. In 2013 important news stories news, significant changes and remarkable successes have left their footprint in the cyber-threat landscape. Both negative and positive developments have formed the 2013 threat landscape. In particular:
Negative trends 2013:
- Threat agents have increased the sophistication of their attacks and of their tools.
- Clearly, cyber activities are not a matter of only a handful of nation states; indeed multiple states have developed the capacity to infiltrate both governmental and private targets.
- Cyber-threats go mobile: attack patterns and tools targeting PCs which were developed a few years ago have now migrated to the mobile ecosystem.
- Two new digital battlefields have emerged: Big Data and the Internet of Things.
Positive developments in the cyber threat trends in 2013 include:
- Some impressive law-enforcement successes. Police arrested the gang responsible for the Police Virus; the Silk Road operator as well as the developer and operator of Blackhole, the most popular exploit kit, were also arrested.
- Both the quality and number of reports as well as the data regarding cyber-threats have increased
- Vendors gained speed in patching their products in response to new vulnerabilities.
The top three threats:
- Code injections.
Key open issues, identified are:
- The end-users lack knowledge yet they need to be actively involved. Adoption of simple security measures by end-users would reduce the number of cyber incidents for 50% worldwide!
- Numerous actors work on overlapping issues of threat information collection and threat analysis. Greater coordination of information collection, analysis, assessment and validation among involved organisations is necessary.
- The importance of increasing the speed of threat assessment and dissemination, by reducing detection and assessment cycles has been identified.
The Executive Director of ENISA, Professor Udo Helmbrecht remarked: “This threat analysis presents indispensable information for the cyber security community regarding the top threats in cyber-space, the trends, and how adversaries are setting up their attacks by using these threats.”
The full report can be found here.