In October 2020, ENISA published the eighth edition of its review of the threat landscape, in a new more dynamic structure.  The series of reports, which provide relevant insights on the evolution of cyber threats for the period from January 2019 to April 2020, was compiled with the support of the European Commission, EU Member States and the CTI Stakeholders Group.

The individual reports allow readers to focus on the information of particular relevance for their sector of interest or activity. This broad approach seeks to satisfy:

… different audiences and adopts different levels of technical language, depending on the domain and the importance of the topic for non-technical readers.

The content of the report aims to be industry and vendor agnostic and ensures appropriate references and citations are listed. The approach taken was based both on in-depth desk research of openly available literature as well as on interviews with members of the cybersecurity stakeholder community which helped define the list of the top 15 threats and validate assumptions about trends and future challenges.

The reports are categorised as follows:

  • Entry Point providing a general overview of the threat landscape
  • Strategic Reports consisting of:
    • Sectoral and thematic threat analysis
    • Main incidents in the EU and worldwide
    • Research topics
    • Emerging trends
  • Technical Reports consisting of:
    • CTI overview summarising the most important topics relevant to the cyber threat intelligence community
    • ENISA’s top 15 threats consisting of 15 reports, one for each of the top threats identified in the 2019-2020 (as listed in the infographic), presenting for each a general overview, the findings, major incidents, statistics, attack vectors and corresponding mitigation measures.

The two main factors identified in the report as drivers for the threat landscape transformation were the coronavirus pandemic and the trend in advanced adversarial capabilities of threat actors. In particular, as far as the coronavirus pandemic is concerned, the report underlines how:

The COVID-19 pandemic forced large-scale adoption of technology to master a variety of critical aspects of the crisis, such as coordination of health services, the international response to spread of COVID-19, adoption of teleworking regimes, distance learning, interpersonal communication, control of lockdown measures, teleconferencing and many others.

It also points out that:

In a short turnaround time, IT security professionals had to quickly respond to the challenges introduced by working from home arrangements such as enterprise data movements whenever employees use their home Internet to access cloud-based apps, corporate software, videoconferencing, and file sharing.

The ten main trends observed during the reporting period are reviewed across all the reports:

  1. Attack surfaces in cybersecurity continue to expand as we are entering a new phase of digital transformation.
  2. There will be a new social and economic norm after COVID-19, even more dependent on a secure and reliable cyberspace.
  3. The use of social media platforms in targeted attacks is a serious trend and reaches different domains and types of threats.
  4. Finely targeted and persistent attacks on high value data (e.g. intellectual property and state secrets) are being meticulously planned and executed by state-sponsored actors.
  5. Massively distributed attacks with a short duration and wide impact are used with multiple objectives such as credential theft.
  6. The motivation behind the majority of cyberattacks is still financial.
  7. Ransomware remains widespread with costly consequences to many organisations.
  8. Many cybersecurity incidents still go unnoticed or take a long time to be detected.
  9. With more security automation, organisations will invest more in preparedness using cyber threat intelligence as its main capability.
  10. The number of phishing victims continues to grow since it exploits the human dimension being the weakest link.

The overall conclusion is that

With all the changes observed in the cyber threat landscape and the challenges created by the COVID-19 pandemic, there is still a long way before cyberspace becomes a trustworthy and safe environment for everyone.

But, the picture painted is not altogether gloomy: according to the findings of an EC 2019 survey, concerns about online privacy and security have already led more than nine in ten Internet users to change their online behaviour – most often by not opening e-mails from unknown people, installing anti-virus software, visiting only known and trusted websites and using only their own computers.

The report also offers relevant policy conclusions and recommendations, among which increasing the cooperation between policymakers and technologists is considered fundamental. From a CyberSec4Europe, research and educational conclusions are of a fundamental importance. Among them:

  • The EU should continue to invest in cybersecurity research and development with an emphasis on long-term and high-risk research initiatives;
  • The EU should continue building capacity through investment in cybersecurity training programs, professional certification, exercises and awareness campaigns;
  • Multidisciplinary research in cybersecurity should be promoted and incentivised .

This report will contribute to the ongoing work of CyberSec4Europe and help our research teams to focus on the priorities identified by different stakeholders and policymakers. It is relevant reading for all those with an interest in cybersecurity developments.

Access to the report is available here.