Jul 08 2022

ENISA released the Threat Landscape Methodology

Category: Cyber Threats,Threat detection,Threat ModelingDISC @ 11:17 am

I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology.

Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual basis since 2013. The report uses publicly available data and provides an independent view on observed threat agents, trends and attack vectors.

ENISA aims at building on its expertise and enhancing this activity so that its stakeholders receive relevant and timely information for policy-creation, decision-making and applying security measures, as well as in increasing knowledge and information for specialised cybersecurity communities or for establishing a solid understanding of the cybersecurity challenges related to new technologies.

The added value of ENISA cyberthreat intelligence efforts lies in offering updated information on the dynamically changing cyberthreat landscape. These efforts support risk mitigation, promote situational awareness and proactively respond to future challenges.
Following the revised form of the ENISA Threat Landscape Report 2021, ENISA continues to further improve this flagship initiative.
ENISA seeks to provide targeted as well as general reports, recommendations, analyses and
other actions on future cybersecurity scenarios and threat landscapes, supported through a clear
and publicly available methodology.

By establishing the ENISA Cybersecurity Threat Landscape (CTL) methodology, the Agency
aims to set a baseline for the transparent and systematic delivery of horizontal, thematic, and
sectorial cybersecurity threat landscapes. The following threat landscapes could be considered
as examples.

  • Horizontal threat landscapes, such as the overarching ENISA Threat Landscape (ETL), a product which aims to cover holistically a wide-range of sectors and industries.
  • Thematic threat landscapes, such as the ENISA Supply Chain Threat Landscape, a product which focuses on a specific theme, but covers many sectors.
  • Sectorial threat landscape, such as the ENISA 5G Threat Landscape, focuses on a specific sector. A sectorial threat landscape provides more focused information for a particular constituent or target group.

Recognising the significance of systematically and methodologically reporting on the threat landscape, ENISA has set up an ad hoc Working Group on Cybersecurity Threat Landscapes2 (CTL WG) consisting of experts from European and international public and private sector entities.

The scope of the CTL WG is to advise ENISA in designing, updating and reviewing the methodology for creating threat landscapes, including the annual ENISA Threat Landscape (ETL) Report. The WG enables ENISA to interact with a broad range of stakeholders for the purpose of collecting input on a number of relevant aspects. The overall focus of the methodological framework involves the identification and definition of the process, methods, stakeholders and tools as well as the various elements that, content-wise, constitute the cyberthreat Landscape (CTL).

You can download the ENISA Threat Landscape Methodology here:

ENISA Threat Landscape Methodology

ENISA Threat Landscape Methodology

Did you manage to assess the risks of remote work so that your company data remain safe?

To help you out, Advisera have created a free white paper: Checklist of cyber threats & safeguards when working from home, which outlines the key cyber threats and vulnerabilities you need to address.

DISC InfoSec

#InfoSecTools and #InfoSectraining



Tags: ENISA, ENISA Threat Landscape, Threat Landscape Methodology

Oct 27 2021

The 9th edition of the ENISA Threat Landscape (ETL) report is out!

Category: Cyber ThreatsDISC @ 9:02 am

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2021 (ETL) report, which is the annual analysis on the state of the cybersecurity threat landscape.

This edition reports events and analyses related to the period between April 2020 up to July 2021.

The bad news is the cybersecurity threats are on the rise, and ransomware attacks rank as a prime threat for the period. Supply-chains attacks also rank among the most dangerous threats due to the catastrophic cascading effects. The document identified threats, attack techniques, notable incidents, and related trends, it also provides recommendations to mitigate the risk of exposure.

“Given the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks. Such an approach can only rally around the necessity now emphasised by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically.” states EU Agency for Cybersecurity Executive Director, Juhan Lepassaar.

The level of sophistication of attacks and their impact continues to increase. The experts highlight an increase in the surface of attacks of organizations due to an ever-growing online presence.

Below are the 9 threat groups analyzed in details in the report over the reporting period:

  1. Ransomware;
  2. Malware;
  3. Cryptojacking;
  4. E-mail related threats;
  5. Threats against data;
  6. Threats against availability and integrity;
  7. Disinformation – misinformation;
  8. Non-malicious threats;
  9. Supply-chain attacks.

Tags: ENISA, ENISA Threat Landscape, ETL