ENISA Threat Landscape Report 2022
This report is produced by the European Union Agency for Cybersecurity and gives an overview of the cyber security threat landscape.
The report lists the following as the prime threats for the report period:
- Social engineering threats
- Threats against data
- Threats against availability: denial of service attacks – these are becoming larger and more complex
- Threats against availability: internet threats
- Supply chain attacks – these are increasing significantly
The following trends are also identified by the report:
- Ransomware and availability attacks were ranked the highest in the period of the report with phishing being the most common vector for initial access by hackers.
- The war in Ukraine has been a factor for the increase in hacktivism and dis/misinformation.
- Cyber criminals are becoming increasingly sophisticated; for example, hackers are looking to exploit flaws in software before the developer has identified them.
- Novel, hybrid and emerging threats are making a big impact. Examples include the use of AI to create deep fakes, attacks on machine learning models and the use of Pegasus (spyware which can harvest large amounts of information from a device, such as a phone, without the user’s knowledge).
Top tips on improving cyber security
Cyber security continues to be a hot topic for all organisations. As demonstrated by the ENISA report, the landscape is evolving, and attackers are becoming more sophisticated. As such, it is vital to ensure cyber security is a central part of your compliance programme. The following (although not an exhaustive list) are some top tips on improving your approach to cyber security.
- Consider where the main threats to your cyber security lie and consider how effective the measures you have in place are at addressing them. Those responsible for data protection within an organisation should be satisfied these issues are being addressed even if another team is technically responsible.
- Ensure you have appropriate policies and procedures in place and that there is clear ownership of the responsibilities contained in them. A major failing in the Interserve case was the lack of compliance with their own policies. These policies and procedures must be reviewed on a regular basis to ensure they are fit for purpose.
- Ensure your systems and cyber security protections are up to date and that your employees are taking steps to complete any updates they need to undertake personally. This is basic, yet it was overlooked by Interserve. Out-of-date systems and software may no longer receive security updates, creating vulnerabilities which can be exploited. Regular testing will also be necessary to ensure systems/protections are behaving correctly.
- Ensure your employees are properly trained. As identified in the ENISA threat report, the most common way in which hackers gain access in ransomware attacks is via phishing. Consider which teams are most at risk of such an attack and ensure you are undertaking regular and specific training about how to spot a phishing email. You should also offer training more broadly on information security.
- Ensure your processes for onboarding and ongoing management of third-party suppliers are fit for purpose. As the ENISA report identified, cyber attackers are increasingly exploiting weaknesses in supply chains in order to get access to a bigger target. Conducting a proper review of your suppliers’ data protection and information security practices when considering whether to onboard a supplier and having an ongoing programme to review this can be a way of reducing these risks.
- Check your permissions. Access permissions should be the subject of policies and procedures. Where these are in place, check they are being applied correctly. One of the issues in the Interserve case was the wide permissions granted to employees which, in some cases, included the ability of some individuals to uninstall antivirus protection – this was exploited by the hackers.
- Ensure your incident response procedures are robust. Whilst you may not always be able to prevent unauthorised access to your systems, you can control your response and so potentially the damage done by any incident.
- Keep up to date with threats in order to identify any new training needs for your organisation.