Defenders of corporate networks are fighting against hackers from time immemorial. This is one of the main conclusions drawn from the fifth annual cyber security study.
In other words, the report shows how the growing IT security market is characterized by a continuous tussle between the “good guys” – who fight cyber-threats – and the “bad guys” – who, on the contrary, initiate cyber-threats.
The Threat Landscape for 2015 is a European report produced by the ENISA – the EU Agency for Network and Information Security.
The report underlines how the “good guys” have improved their skills considerably (e.g. thwarting attacks and defeating cybercrime infrastructures) but so have the “bad guys” (e.g. planning persistent attacks which efficiently elude defence measures in place), causing the situation to stretch even thinner. Attackers have also perfected “cyber-crime-as-a-service”, where they provide helpful tools to nonexperts, and, with more malicious intentions, they actually broadened their attacks span in order to hit firmware, routers and the wider electronic world of data – the Internet of Things.
Furthermore, the report listed the top 15 threats which count, in the top 5, malware, web-based attacks, web application attacks, botnets and DDS. Cyber espionage, on the other end, obtains the last place as the less dangerous of all IT threats.
Compared with the data collected in 2014, we notice how physical damage, theft or loss and inside threats are now perceived as bigger risks than they actually were in the previous year. Spamming, on the contrary, is now seen as less dangerous than before.
What emerges from the report is the need for sharing information and for a cooperative action to efficiently address the cybercrime issue. The initial important step is the identification of the threats and how they operate and work so that a better defence strategy can be built to prevent or thwart attacks.
According to Udo Helmbrecht – ENISA’s executive director – the identification of threats is the basic information which enables and unlocks a series of preventive actions, from the actual assessment of the risks involved to raising awareness, from a concrete understanding of the requirements needed to protect every device from all sorts of threats to the necessary counterattacks to perform.
ENISA’s work is, therefore, essential to assess and consequently tackle issues that are more and more emerging in a seemingly ever-developing sector, such as IT.