ENISA Threat Landscape (ETL) report released

ENISA, the European Union Agency for Cybersecurity, has released the latest edition of the ENISA Threat Landscape (ETL) report. This annual report identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures. The time span of the ETL 2021 report is April 2020 to July 2021 and you can download a copy of the report from ENISA’s website: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021/@@download/fullReport

It is no surprise that the change in the way people work due to COVID-19 is a key theme of the report. A hybrid way of working is likely to be a lasting shift, meaning that cybersecurity threats that were related to the pandemic will become mainstream. This has essentially increased the attack surface and there has been a rise in the number of cyber-attacks targeting organisations through the home office.

“When COVID-19 hit the days where hard boundaries between office and home or work and social dissolved over a matter of months,” said Rowland Johnson, President of CREST.  “Businesses that want to remain secure, need to accept this and find ways to support their workforces to become cyber secure 24 hours a day.  This must extend to work tasks, home tasks and family tasks. All of these elements are impossible to keep separate and building a cyber security culture that traverses work and home lives interchangeably is the only way for organisations to become more cyber secure.”

ENISA’s report warns that many threats are on the rise but highlights ransomware as the prime threat organisations are facing today, with a 150 percent rise in attacks during the reporting period. There are fears the despite ransomware hitting the headlines and getting the attention of world leaders that the problem will only get worse. It is not all bad news; the report does note that governments are doing more and are combining forces to help deal with the growing threat.

“CREST and its almost 300 members are working with governments and regulators around the world to help grow the capability and capacity to fight ransomware and other cyber threats,” continued Johnson. “CREST also has an ongoing commitment to supporting the cyber security industry globally to upskill and meet the needs of individual nations and their cyber defence strategies.”