ENISA Threat Landscape Analysis For IT Risk Assessment Lead Consultant Wrote An Essay.

You have been hired as the IT Risk Assessment lead consultant for Gigantic Corporation (your specialisation is based on the area you have chosen above). Your role is to be the interface between business stakeholders and technologists, translating potential technical difficulties into risk language to facilitate effective decision-making by stakeholders. You have been engaged to assess a project that falls into your specialised area. Once you complete a full assessment, you are required to provide the IT assessment report to the management in the department or section that is running the project for Gigantic.

How to complete this task:

You will write a report on the project IT risks based on the scenario.

A risk assessment based on threats, vulnerabilities and consequences derived from an IT control framework and any existing industry risk recommendations for the project. Identify and discuss the key threat agents. What could be done to mitigate the risks and their impact on the system? 

Overview of ENISA Threat Landscape

The European Union Agency for Network and Information Security or ENISA is a network centre and an information security expertise for the continent of Europe and its member states which logs out an annual report each year that summarizes the reports of all the analyzed cyber threats and the state of the art technology that has been used in them based in the open source material. The report is based on a yearlong collection, assessment and analysis of all the activities that have occurred regarding cyber threats and which are found in the public domains (Goldes et al., 2017). Based in the analysis of each year’s report, an overall recommendation is made to make further improvements in the process so that the problems can be dealt with improved care and caution when it occurs again. Yearly analysis is done to make sure if all the older cyber threat vulnerabilities are being effectively taken care of and if there has been an occurrence of any new cyber threat (Rekik, Gransart & Berbineau, 2018).

In this report, the ENISA threat landscape would be identified with regards to the following steps. Firstly, there would be an overview of the ENISA threat landscape followed by review of the literatures by different authors. Next, the threats, vulnerabilities and consequences of the cyber attacks would be derived from an IT control framework and any existing industry risk recommendations for the project would be provided based on that. It would then consist of the identification and discussion of the key threat agents with the mitigation of the risks and their impact on the system being described in details.

The European Union Agency for Network and Information Security or ENISA gives emphasis to the threat analysis and the emerging trends in the world of cyber security. The ways, by which technology is making changes and advancements one after another, it is becoming excessively important for organizations to make amendments in the business process. In the similar ways, malicious attackers are making considerable progress in making advancements towards making the best use of the advancement in technological world to barge into the security systems of the organizations and the individual information in order to hack them (Herzberg, Hollick & Perrig, 2015). The ENISA analysis helps in noticing every individual cyber threat that has taken place over the course of the year to make notice of the technology, ways and reasons for every cyber threat. This is done to make feasible ideas about the cyber threats and then propose mitigating plans for the same. The analysis also makes sure of the impact of the cyber threats in a particular business to make out how the cyber threats are affecting an organization or an individual.

Based on the IT control framework of the network security for internet service providers, the ENISA threat frameworks makes an idea about the threats based on the network security vulnerabilities and the consequences of the threats. Any malicious attacker would attack an organization or a specific individual based on these factors only. If a network within an organization or the service provider used by an individual is found to be vulnerable enough, it becomes easy for the attacker to build up a possible threat (Sillaber et al., 2016). The ENISA threat landscape understands the cyber threats dividing into separate different groups based on the nature of the cyber threats. The entire analysis is done because it is required to analyze the threats within the cyber world. If the threats remain unidentified or undetected, it would possess the potential to attack an organization or a system. To mitigate these attacks and make sure that further these kinds of attacks do not violate the system of an organization or a network provider to harm an individual, the ENISA threat landscape analysis is made over the continent of Europe and its member states.

IT Control Framework for Cyber Attacks

To make a complete investigation of the ENISA threat landscape analysis and the utilization of it in the continent of Europe and its member states, the journal articles based on the subject is reviewed. The articles are selected on the basis of the information each of them provided. The articles are based on the ENISA threat landscape made on account of the technological advancements and the impact it had on the cyberworld (Fiedler, Settanni & Skopik, 2017). The amounts of threats that have been derived as a result based on these analyses have been justified well in these articles. From mobile telecommunication to the implementation f cloud environment, every technological change and the threat analysis regarding these factors have been justified in the articles reviewed.

In one of the articles the authors Martin, Marinos, Rekleitis, Spanoudakis and Petroulakis (2015), states that the ENISA threat landscape report provides a good review on the threats and the potential compromises as made by the analysis. The threat landscape report is based on the security of the SDN/5G networks, which is considered as the representative of the next major phase of mobile telecommunication systems and network architectures which is a step ahead of the traditional 4G standards that is being used in the market massively. 5G is introduced as a result of the innovation made in the current 4G standards in the mobile telecommunications system which primarily aims at the connectivity provision to the telecommunication systems that would enable the users to have extreme and ultra robust broadband as well as low latency connectivity. 5G also aims to have the connectivity set at the utility of Internet of Everything or Internet of Things or IoT (Furnell, Emm & Papadaki, 2015). With these extreme levels of advancements, there sure are vulnerabilities along with it and the ENISA report and analysis clearly understands the threats detected with these advancement of telecommunication technology.

In every reviewed paper, ENISA report clearly realizes the business potential of every technological advancements as well as the cyber threat and potential risks regarding the usage of them to make sure of the potential. The reports made on every advanced technology by ENISA threat landscape looks through the security systems and address them comprehensively to make sure that these vulnerabilities do not make these technologies lose any business opportunities as a result. The review of the emerging threat landscape is effectively made on the advanced technologies with particular focus on the security principles it deals with.

However, it has been also found through extensive review of the literatures in this regard, that the vulnerabilities acquainted with every advanced technology is identified correctly by the ENISA threat landscape, but there are only a few papers available that also describe the mitigation techniques of these threats associated with the technology in question (Kovanen, Nuojua & Lehto, 2018). This is where some of the papers fall short, due to no arrival of a closure point regarding the mitigation strategies of the cyber threats as mentioned in the paper.

Key Threat Agents

Threats

This section would provide a clear overview about the changes that have been assessed by the ENISA threat landscape. In every threat landscape report ENISA provides a comparison of the threat landscapes with respect to the previous year’s analysis made. The IT control framework is assessed to make correct assumptions over the threats in the systems. In the ENISA threat landscape, this idea is represented as rankings comparing the previous and the present year and the threats that have been assessed as a result. It is found as per the reports that several trends can be identified in the context of the threats and analysis done on each of these threats. It can be seen in the reports that some of the threat phenomenon is susceptible to stable rise and the other threats are seen to have increasing or decreasing trend (Scott, 2017). This is due to the fact that even if the ENISA reports make the stagnation or reduction of threats, these are still growing as a total landscape through several factors, like, infection volumes, identified incidents, threat bearing breaches and others.

In addition to that, the identified threats and the threat agents behind them have become increasingly difficult as a result of the rise in masquerading sophistication in cyber security threats. As per the ENISA reports, it has become very difficult to understand the threat agent behind a cyber security threat as it may represent the masked IP addresses of innocent people who are masqueraded by malicious hackers.

Vulnerabilities and consequences 

The ENISA reports put forward the fact that vulnerabilities as well as misconfigurations have been quite a severe problem and the attackers have been cashing on it because of the common attack vectors and the provision it has for gaining a foothold into the system (Gschwandtner et al., 2018). It is seldom found that a network possesses vulnerabilities because of faulty cryptography, faults in networks and security but it has a severe impact because they open a doorway to a larger attack surface with a much greater impact.

There have been several consequences of the vulnerabilities as noticed in the ENISA reports and these can be put forward with the help of few examples. These can be described as below:

• The attacks that the notorious ransomware called WannaCry that spread wrecked havoc in thousands of organization all around the world in the year 2017. WannaCry’s success was based on the fact that it used a leaked NSA exploit against Microsoft Windows SMB vulnerability (Ab Rahman, Kessler & Choo, 2017). Interestingly, in this attack, the threat agent used another attack vector as well to further spread the malware.
• In the Wi-Fi enabled devices, KRACK was an identified attack that was done against the WPA2 security protocols. The vulnerability is actually a flaw in the protocol, likely affecting all correct implementations. ROCA is another flaw in a widely used cryptographic library used by a known semiconductor manufacturer. The flaw affects various devices, such as Estonian smart IDs. In both cases the potential impact of these flaws is significant due to their wide reach.

Industry risk recommendations for the project

The ENISA threat landscape assessment identifies all the threats and trends of threats and analyses them to put up with a risk elimination recommendation to the industries. The open issues identified in context of these trends are done by ENISA reports and then these are taken care of to propose actions to take care of the entire situation. These risk mitigating recommendations are irrespective of industries as they can be building upon the cyber security activities of policy, research, education and business (Buse, 2017). These serve as the recommendations and ENISA taken upon themselves about the future activities for itself and the stakeholders of ENISA. The risk elimination recommendations according to the policy conclusions need to take into account elements of the cyber threat landscape in policy making actions.

Mitigation Strategies for Risks and Impact on System

Identification and discussion of the key threat agents

There have been several incidences noticed in the threat detection phase as described below:

• The attacks that the notorious ransomware called WannaCry that spread wrecked havoc in thousands of organization all around the world in the year 2017. WannaCry’s success was based on the fact that it used a leaked NSA exploit against Microsoft Windows SMB vulnerability. Interestingly, in this attack, the threat agent used another attack vector as well to further spread the malware.
• In the Wi-Fi enabled devices, KRACK was an identified attack that was done against the WPA2 security protocols. The vulnerability is actually a flaw in the protocol, likely affecting all correct implementations. ROCA is another flaw in a widely used cryptographic library used by a known semiconductor manufacturer. The flaw affects various devices, such as Estonian smart IDs (Belmonte Martin et al., 2015). In both cases the potential impact of these flaws is significant due to their wide reach.

These incidences have marked that identifying threat agents is very difficult in today’s world. The identified threats and the threat agents behind them have become increasingly difficult as a result of the rise in masquerading sophistication in cyber security threats. As per the ENISA reports, it has become very difficult to understand the threat agent behind a cyber security threat as it may represent the masked IP addresses of innocent people who are masqueraded by malicious hackers.

ENISA develops mitigation actions of the identified threats and risks based on the nature of the risks and threats. These can be mentioned as follows based on the baseline mitigation control for the threats:

• Risks can be eliminated based on the business information, which is the business intelligence. This way the risks to business and levels of espionage are easy to evaluate.
• Security policies should be made in every organization which should accommodate the human resource, business and operational security controls that would help in the loss of human resource as well as business assets (Sauerwein et al., 2017).
• The corporate practices for communication between workforces and other organizations should be properly trained and applied with the help if developing rules to keep operational parts defined up and running.

The ENISA reports for threat landscape assessment identify all the threats and trends of threats and analyses them to put up with a risk elimination recommendation to the industries. The open issues identified in context of these trends are done by ENISA reports and then these are taken care of to propose actions to take care of the entire situation. Therefore, it heavily affects every business organization in a good way by analysis the associated risk in every business process, along with identifying methods to eradicate the risks as a result (Cho et al., 2015). In addition to that, the ENISA reports are restricted due to the exponential change in the cyber world, but for a year it can compare well and find out mitigating results for every organization which is extremely helpful in preventing threats from unauthorized hackers and attackers.  

Conclusion

Thus, it can be concluded from the following report that the cyber security threats that are witnessed everyday by different agents in the cyber world are effectively summarized in the yearly report by the ENISA analysis. This provides a report based on a yearlong collection, assessment and analysis of all the activities that have occurred regarding cyber threats and which are found in the public domains. Based in the analysis of each year’s report, an overall recommendation is made to make further improvements in the process so that the problems can be dealt with improved care and caution when it occurs again. Yearly analysis made sure that if all the older cyber threat vulnerabilities are being effectively taken care of and if there has been an occurrence of any new cyber threat. In this report, the ENISA threat landscape has identified with regards to the following steps. Firstly, there has been an overview of the ENISA threat landscape followed by review of the literatures by different authors. Next, the threats, vulnerabilities and consequences of the cyber attacks has been derived from an IT control framework and any existing industry risk recommendations for the project has been provided based on that. It then consisted of the identification and discussion of the key threat agents with the mitigation of the risks and their impact on the system being described in details. Thus, it clearly depicts how the threat landscape in the entire Europe and its member countries portray vulnerabilities in the cyber world to provide feasible solutions to mitigate them.

References

Ab Rahman, N. H., Kessler, G. C., & Choo, K. K. (2017). Implications of Emerging Technologies to Incident Handling and Digital Forensic Strategies: A Routine Activity Theory. In Contemporary Digital Forensic Investigations of Cloud and Mobile Applications (pp. 131-146).

Belmonte Martin, A., Marinos, L., Rekleitis, E., Spanoudakis, G., & Petroulakis, N. E. (2015). Threat Landscape and Good Practice Guide for Software Defined Networks/5G.

Buse, M. (2017). EUROPEAN UNION CYBER SECURITY IN A GLOBALIZED WORLD. In International Scientific Conference" Strategies XXI" (Vol. 1, p. 159). " Carol I" National Defence University.

Cho, H., Choi, S., Han, K., & Yoon, K. (2015). Poster: Limitations and Improvement of Dynamic Analysis Environment for Malware Analysis. In 36th IEEE Symposium on Security and Privacy, May (pp. 0-065).

Fiedler, R., Settanni, G., & Skopik, F. (2017). The Importance of Information Sharing and Its Numerous Dimensions to Circumvent Incidents and Mitigate Cyber Threats 1. In Collaborative Cyber Threat Intelligence (pp. 129-186). Auerbach Publications.

Furnell, S., Emm, D., & Papadaki, M. (2015). The challenge of measuring cyber-dependent crimes. Computer Fraud & Security, 2015(10), 5-12.

Goldes, S., Schneider, R., Schweda, C. M., & Zamani, J. (2017, June). Building a viable information security management system. In Cybernetics (CYBCONF), 2017 3rd IEEE International Conference on (pp. 1-6). IEEE.

Gschwandtner, M., Demetz, L., Gander, M., & Maier, R. (2018, August). Integrating Threat Intelligence to Enhance an Organization's Information Security Management. In Proceedings of the 13th International Conference on Availability, Reliability and Security (p. 37). ACM.

Herzberg, A., Hollick, M., & Perrig, A. (2015). Secure Routing for Future Communication Networks (Dagstuhl Seminar 15102). In Dagstuhl Reports (Vol. 5, No. 3). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.

Kovanen, T., Nuojua, V., & Lehto, M. (2018, March). Cyber Threat Landscape in Energy Sector. In ICCWS 2018 13th International Conference on Cyber Warfare and Security(p. 353). Academic Conferences and publishing limited.

Rekik, M., Gransart, C., & Berbineau, M. (2018, June). Cyber-physical Threats and Vulnerabilities Analysis for Train Control and Monitoring Systems. In IEEE ISNCC 2018, International Symposium on Networks, Computers and Communications (p. 6p).

Sauerwein, C., Sillaber, C., Mussmann, A., & Breu, R. (2017). Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives.

Schulze, M., & Reinhold, T. (2018, June). Wannacry About the Tragedy of the Commons? Game-Theory and the Failure of Global Vulnerability Disclosure. In ECCWS 2018 17th European Conference on Cyber Warfare and Security (p. 454). Academic Conferences and publishing limited.

Scott, K. (2017, June). Phobic Cartography: a Human-Centred, Communicative Analysis of the Cyber Threat Landscape. In European Conference on Cyber Warfare and Security (pp. 426-432). Academic Conferences International Limited.

Sillaber, C., Sauerwein, C., Mussmann, A., & Breu, R. (2016, October). Data quality challenges and future research directions in threat intelligence sharing practice. In Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security (pp. 65-70). ACM.

Somer, T., Hallaq, B., & Watson, T. (2016, July). Utilising journey mapping and crime scripting to combat cyber crime. In European Conference on Cyber Warfare and Security (p. 276). Academic Conferences International Limited.