Discuss the European Union Agency for Network and Information Security.
Overview of Case Study
ENISA, the European Union Agency for Network and Information Security, is a centre of network and information security expertise. Its case study on current threats, the ENISA Technology Landscape (ETL), was published in 2014. This landscape was first published by ENISA, and as a result many notable changes were seen in the top threats involved. A controlled security architecture was presented, combined with stronger law enforcement operations. In spite of the ETL, however, a number of security threats and attacks still occurred. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) came under considerable stress because of the demand for these security mechanisms and the requirement to install them. There was also a massive increase in data breaches and physical violations. The case study covers the top threats seen in 2014 and describes each of them in detail, including malicious code, botnets, spam, phishing, data breaches, insider threats and many others. It also discusses the threat agents involved with these threats. Attack vectors and the emerging threat landscape for technologies such as mobile computing, cloud computing and big data are highlighted as well. Internet of Things (IoT) and network virtualization are two emerging technologies on a rapid rise, and the case study also covers the landscape that must be designed to control the security threats associated with them (Enisa, 2016).
ENISA Security Infrastructure Diagram
A number of threats are associated with ENISA, and they are brought to bear through a number of different agents. The security infrastructure to be implemented in ENISA must account for every level at which these threat agents operate: nation states, social hackers, employees, cyber criminals, cyber terrorists and many others.
The security infrastructure diagram depicted below for ENISA covers all of these agents and threats and provides a mechanism to deal with them.
[Figure: ENISA Security Infrastructure Diagram]
Strategies to Combat Insider Threats
A number of insider threats are included in the top threats for ENISA in 2014. These threats are of significant concern to technical experts and executives alike. The following strategies can be applied to control and prevent insider threats.
- Technological solutions designed to fight security threats must be bundled with the policies that govern the resources and ongoing projects of the organization.
- The behavior of people must be tracked and recorded, and a dedicated team must be assigned to this task. Patterns and specific acts of dissatisfaction or rage must be given due attention.
- These threats are mainly executed through user error. It is therefore necessary to organize and conduct user training so that people understand the system better and do not make mistakes. Security awareness training, system training and the like must be provided (Musthaler, 2016).
- Logging, monitoring and auditing must be carried out at frequent intervals to make sure that there are no internal deviations.
- There are also cases in which access is not deactivated even after an employee has been terminated. Such incidents should never occur, and the security team must ensure that access is deactivated as soon as the employee leaves the organization (Cert, 2016).
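The last two strategies above can be combined into one recurring audit. The Python code below is an added example and is not part of the ENISA case study: it cross-checks HR termination records against the account directory and the authentication log to find leavers whose access is still live. The log format, field names, function names and all sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumptions, not from the case study).
HR_TERMINATIONS = {"jdoe": "2014-03-14", "asmith": "2014-06-30"}  # user -> last day
DIRECTORY = {"jdoe": {"enabled": True}, "asmith": {"enabled": False},
             "bwong": {"enabled": True}}
AUTH_LOG = """\
2014-03-10T09:12:44 login ok user=jdoe src=10.0.4.17
2014-03-20T23:51:02 login ok user=jdoe src=198.51.100.23
2014-07-02T08:00:10 login failed user=asmith src=10.0.4.22
2014-07-03T10:15:00 login ok user=bwong src=10.0.4.30
"""

def parse_auth_log(text):
    """Yield (timestamp, outcome, user, src) for lines in the assumed format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "login":
            continue  # ignore anything that is not a login record
        fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # malformed timestamp
        if "user" in fields and "src" in fields:
            yield ts, parts[2], fields["user"], fields["src"]

def audit_terminated_access(terminations, directory, log_text):
    """Return findings for leavers whose access was not fully deactivated."""
    # Assumption: access must end at midnight after the recorded last day.
    cutoff = {u: datetime.fromisoformat(d) + timedelta(days=1)
              for u, d in terminations.items()}
    findings = []
    for user in terminations:
        if directory.get(user, {}).get("enabled"):
            findings.append(("ACCOUNT_STILL_ENABLED", user))
    for ts, outcome, user, src in parse_auth_log(log_text):
        # Failed attempts count too: someone is still trying the credential.
        if user in cutoff and ts >= cutoff[user]:
            findings.append(("LOGIN_AFTER_TERMINATION", user,
                             ts.isoformat(), outcome, src))
    return findings

if __name__ == "__main__":
    for finding in audit_terminated_access(HR_TERMINATIONS, DIRECTORY, AUTH_LOG):
        print(finding)
```

In the sample data, a disabled account that still receives login attempts is reported alongside the account that was never disabled, since both warrant review.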
Most Significant Threat
Of the top threats listed, data breaches are the most significant. They form a major part of the total number of attacks that took place in 2014, and they have the potential to cause a significant impact on the victim. ENISA looks after a number of organizations and agencies, and the data and information held by each entity can be classified into a number of types (Ko & Dorantes, 2016). That data can be public, private, confidential or sensitive in nature, and a data breach of any kind and strength violates its confidentiality, integrity and availability. According to the data recorded in the case study, the largest number of data breaches took place in health care. An individual's health information is considered private, and a violation of its privacy can result in legal penalties. The impact of these data breaches is huge and includes a wide variety of penalties and punishments under the legal and regulatory rules that govern a particular piece of information (Amato, 2016).
Threat Agents and Steps to Minimize their Impact
A number of threat agents are involved in the execution of the top threats listed in the case study. These threat agents are:
- Cyber criminals: agents who carry out malicious activities in cyberspace with the intent to profit from unauthorized and illegal activity. These agents are highly skilled and capable of executing the threats.
- Online social hackers: agents who execute social engineering attacks. Their technological capabilities can be classified as low to medium.
- Hacktivists: agents who execute threats out of political motivation.
- Nation states: a number of nation states have developed cyber intelligence capabilities that give rise to a number of the top threats.
- Employees: insider threats, which form a significant part of the top threats, are carried out by these agents, who may be internal employees, ex-employees or external employees of a particular organization.
- Cyber fighters and cyber terrorists: threat agents behind some of the most severely damaging cyber attacks and threats (Casey, Koeberl, & Vishik, 2010).
The impact of these threat agents can be controlled by specific security mechanisms designed to put a stop to their activities. These mechanisms range from basic methods such as incident management, access management, physical security, firewalls and anti-malware software to advanced measures such as cryptography, encryption, law enforcement and many others.
Social Hacking Issues
Social hacking is a form of security attack in which social hackers act as the threat agents and attempt to alter the social behavior of a user through a number of different means and techniques. The present era is the era of social media, and a presence on these platforms is almost mandatory for every individual. Social hackers take advantage of this by performing dumpster diving, in which discarded user profiles and data are accessed to retrieve important information and patterns such as user name, contact information, email address and the like. Role-playing is another common form of social hacking; it involves impersonating a particular user or organization on a social platform to gain information. Social hacking has become an easy way to breach internet and network security, because the presence of users on these platforms is massive and it is easier for hackers to retrieve significant information through a number of mechanisms. The impact of these issues can be moderate to extremely severe, as they have the potential to expose sensitive and confidential information. Information gained in this unauthorized way can then be misused by the social hackers (Wood, 2016).
Trends in Threat Probability
Table 2 displays the comparison between the threat landscape in 2013 and in 2014. Threats such as malicious code, web-based attacks, injection attacks, denial of service, phishing, data breaches, theft, information leakage, fraud and cyber espionage are on the rise. Threats such as spam, botnets, ransomware and exploit kits have decreased compared to 2013. Threat probability can thus be defined on the basis of the threats that are rising at an ever-increasing pace. The increase in probability of such threats is due to the advanced measures that attackers have devised for them. Web-based attacks can be executed easily because such a huge amount of information and data is present on web-based platforms. Malicious code has also existed for many years, and it has become easier for attackers to inject it over the network so that it is downloaded onto the victim's machine. Denial of service is another common attack, executed by flooding a network with a huge amount of unnecessary traffic so that the service becomes unavailable. It can therefore be concluded that threat probability is highest for web-based threats, data breaches and physical security threats (Nichols, 2016).
Improvements in ETL Processes
The ETL process could have been improved by including advanced security mechanisms in the security infrastructure. A huge number of components and applications are involved with ENISA, and in spite of the security architecture and structure that is followed, threats and attacks are seen frequently. It is recommended that advanced security countermeasures be incorporated into the ETL processes. Encryption is one of the key measures that should be adopted to avoid and prevent the security threats associated with the systems. Encryption of data at rest, data in motion and application data is a must. Sharing information through social networking applications or via Bluetooth is a common practice. Users should stop using unsecured applications to avoid the threats that arise during information sharing. Device locks such as a swipe pattern, PIN lock or password should be enabled at all times to protect the device. Passwords can also be set on individual applications. Auto-wipe is another measure that should be enabled; it wipes the data after a specified number of failed attempts. Certificate-based identity and the use of biometrics also enable proper authentication and authorization. It is also necessary to include review, scanning and monitoring of the processes and components involved to make sure that security threats do not occur. A set of processes must be included in the order basic, standardized, rationalized and dynamic (Microsoft, 2016).
Challenging Threats for ENISA
A number of security threats and challenges are seen in the current era, and a long list of threats will become serious concerns for ENISA to battle. These threats are classified into three broad categories: confidentiality threats, availability threats and integrity threats. Availability threats are those with the potential to negatively affect the availability of a particular service, such as denial of service, account hijacking, theft and fraud. Integrity threats involve the unauthorized modification or alteration of the information associated with a particular service or application. Malicious code, message alteration and media alteration are integrity threats that can be difficult to battle, as they can be introduced into the system from a number of different sources. Confidentiality threats such as data breaches, information leakage, insider threats and phishing can also be difficult to deal with, as they have spread to a huge number of systems and applications (Panetta, 2016).
IT Security State of ENISA
ENISA should not be satisfied with its current state of IT security, and a number of reasons support this statement. The first and foremost is the increase in the number of threats seen in 2014 in spite of the security control and prevention measures that have been taken. New threats and attacks are also being developed on a frequent basis, and ENISA still has no countermeasures available to deal with them, which is a huge loophole in the present state of IT security. The case study also discusses and describes a number of threat agents. These agents have the ability to affect the security architecture and the information held by the applications, components and systems associated with ENISA. A huge number of different entities are associated with ENISA, and it is necessary to design security measures and policies that match the requirements of each system (Aws, 2016). Advanced security measures and mechanisms must be adopted in addition to the security processes to improve the state of IT security across the entire infrastructure.
References
Amato, N. (2016). The hidden costs of a data breach. Journal of Accountancy. Retrieved 20 September 2016, from https://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html
Aws. (2016). Overview of Security Processes. Retrieved 20 September 2016, from https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
Casey, T., Koeberl, P., & Vishik, C. (2010). Threat agents. Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW '10. https://dx.doi.org/10.1145/1852666.1852728
Cert. (2016). Insider Threat Best Practices. Retrieved 20 September 2016, from https://www.cert.org/insider-threat/best-practices/
Enisa. (2016). ENISA draws the Cyber Threat Landscape 2014: 15 top cyber threats, cyber threat agents, cyber-attack methods and threat trends for emerging technology areas — ENISA. Enisa.europa.eu. Retrieved 20 September 2016, from https://www.enisa.europa.eu/news/enisa-news/enisa-draws-the-cyber-threat-landscape-2014
Ko, M. & Dorantes, C. (2016). The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Retrieved 20 September 2016, from https://jitm.ubalt.edu/XVII-2/article2.pdf
Microsoft. (2016). Microsoft Core Infrastructure Optimization: IT & Security Processes - Best Practices for Business IT. Microsoft.com. Retrieved 20 September 2016, from https://www.microsoft.com/india/infrastructure/capabilities/itprocesses.mspx
Musthaler, L. (2016). 13 best practices for preventing and detecting insider threats. Network World. Retrieved 20 September 2016, from https://www.networkworld.com/article/2280365/lan-wan/13-best-practices-for-preventing-and-detecting-insider-threats.html
Nichols, A. (2016). A Perspective on Threats in the Risk Analysis Process. Sans.org. Retrieved 20 September 2016, from https://www.sans.org/reading-room/whitepapers/auditing/perspective-threats-risk-analysis-process-63
Panetta, K. (2016). Gartner's Top 10 Security Predictions 2016 - Smarter With Gartner. Smarter With Gartner. Retrieved 20 September 2016, from https://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/
Wood, P. (2016). Social hacking: The easy way to breach network security. ComputerWeekly. Retrieved 20 September 2016, from https://www.computerweekly.com/tip/Social-hacking-The-easy-way-to-breach-network-security