ENISA 2023 Threat Landscape Report: Key Insights

By: Arooj Anwar Cyber Security | 27 February

 

ENISA, the European Union Agency for Cybersecurity, has recently published its Threat Landscape Report for 2023. The report dives into the top risks, trends, and attack methods expected to shape cybersecurity in the coming years. Drawing from events and threats spanning July 2022 to July 2023, this report serves as an important tool for understanding the evolving cybersecurity landscape. In this blog post, we delve into the key cybersecurity trends outlined in the report, dissect its major insights, and highlight ENISA's recommendations to help organizations stay secure online.

Key cybersecurity trends 

During the year from July 2022 to July 2023, experts closely examined the world of cybersecurity and noticed several important trends. These trends show how cyber threats are changing and why it's crucial to keep up with them. Below are the key trends observed during this time frame, providing a comprehensive overview of the current state of cybersecurity. 

Ransomware and availability threats: These were the top concerns during the reporting period.

Geopolitical impact: Geopolitical factors continued to influence cyber operations significantly. 

Double extortion: Criminal groups are increasingly blending extortion tactics with data theft, a trend known as double extortion. 

Phishing evolution: Phishing remains a common initial access vector, but a new form of social engineering is emerging, involving deception in the physical world. 

Business email compromise (BEC): BEC attacks remain a favored method for attackers seeking financial gain. 

Data compromise increase: Data compromises saw a notable increase in 2023, following a period of relative stability in 2022. 

AI chatbot impact: There has been a surge in AI chatbots impacting the cybersecurity threat landscape. 

DDoS attacks: DDoS attacks are growing in size and complexity. 

Internet shutdowns: Internet availability threats, particularly post-COVID, are on the rise due to increased reliance on Internet technologies. 

Supply chain attacks: Threat groups are increasingly interested in supply chain attacks, leveraging employees as entry points. 

Major cybersecurity threats  

ENISA categorized risks into eight groups and analyzed their impact and frequency to assess their significance. As per the ETL report, the major cybersecurity threats are as follows: 

Ransomware  

Definition: Ransomware is a cyber-attack where malicious software encrypts files, demanding a ransom for their release. It's a serious threat, emphasizing the importance of strong cybersecurity measures. 

ENISA breakdown: Ransomware remains the most prevalent danger, making up 34% of all threats in the European Union, closely followed by Distributed Denial of Service (DDoS) attacks at 28%. Ransomware targeted various sectors, with manufacturing (14%) and health (13%) topping the list, followed by public administration (11%) and services (9%).

DDoS attacks 

Definition: DDoS attacks, or Distributed Denial of Service attacks, overwhelm a website or online service by flooding it with traffic. This flood of traffic is so intense that it disrupts regular operations, making the targeted service temporarily or completely unavailable. Cyber criminals use networks of compromised computers to carry out these attacks, aiming to disrupt online activities.  

ENISA breakdown: DDoS attacks predominantly focused on government entities (34%), followed by transportation (17%) and banking/finance (9%). Threats to internet availability primarily affected digital infrastructure (28%) and digital service providers (10%).

Supply chain attacks  

Definition: Supply chain attacks occur when cyber threats infiltrate a network through trusted partners or vendors. These attacks exploit vulnerabilities in the supply chain, compromising the overall system. 

ENISA breakdown: Supply chain attacks have been identified as a notable concern for upcoming elections, impacting 21% of public administration and 16% of digital service providers. The exploitation of these vulnerabilities is associated with incidents involving digital service providers (25%), digital infrastructures (23%), and public administration (15%).

AI, information manipulation, and social engineering 

The report highlights the increasing risk of misinformation due to the widespread use of artificial intelligence and sophisticated social engineering tactics. 

Approximately 30% of social engineering schemes targeted the general public, while 18% were directed at government agencies. Information manipulation primarily focused on individuals (47%) and government bodies (29%), with defense (9%) and media/entertainment (8%) sectors also affected. 

These manipulative activities pose a significant threat to electoral integrity, particularly with the upcoming European Union elections in 2024. The report stresses the importance of enhanced monitoring to counteract the misuse of AI in propagating false information. 

Artificial intelligence (AI) and Large Language Models (LLMs) demand increased vigilance. Concerns have escalated regarding their potential exploitation for social engineering attacks, phishing, information manipulation, and cybercrime. 

Key recommendations  

The ENISA report offers a comprehensive set of recommendations aligned with industry standards such as ISO 27001 and the NIST Cybersecurity Framework. Below, we outline the key points. 

Asset management, risk assessment, and vulnerability management 

  • Ensure comprehensive inventory, management, and control of assets. 
  • Initiate asset discovery and conduct thorough risk assessments. 
  • Perform regular vulnerability scanning to identify and address vulnerabilities. 
  • Implement security updates and patches regularly, per your patch policy. 
  • Establish protocols for vulnerability disclosure and incident notification with external stakeholders. 

Remote access, security configuration, and data backup 

  • Ensure secure configuration of remote access technology and exposed services. 
  • Implement phishing-resistant Multi-Factor Authentication (MFA) and least privilege principles. 
  • Maintain offline, encrypted data backups and regularly test them according to backup procedures. 

Addressing emerging risks and incident response planning 

  • Mitigate new and growing risks, such as AI-related threats, using encryption and cryptographic controls.
  • Create, maintain, and regularly test an incident response plan. 
  • Document communication flows, response procedures, and incident notification protocols. 
  • Develop contingency plans for restoring business-critical services and involve key suppliers. 

Security awareness training and resource deployment 

  • Conduct regular security awareness training, tailored for various departments and considering evolving threats. 
  • Provide specific training for IT and security staff. 

Planning, budgeting, and zero-trust architectures 

  • Properly plan and budget for data management risks, aligning understanding between management and practitioners. 
  • Implement zero-trust architectures to increase system security posture by applying the "never trust, always verify" paradigm. 

Protecting your organization 

In 2024, cybersecurity demands not only comprehensive technical solutions but also the cultivation of a strong cybersecurity culture. This includes fostering soft skills, ensuring legal compliance, and maintaining a vigilant stance against emerging threats. Our awareness training courses empower your team to recognize and evade phishing scams, contributing to the development of a robust cybersecurity culture. By staying vigilant and well-informed, we can effectively address cybersecurity challenges together.