ENISA Cyber Threat Landscape an Alternative Approach.
Digital connectedness introduces a new Threat Landscape. it is agreeable that to adequately define any threat landscape one must fully understand the geographical vulnerability mapping and Risk(s) attached to every unit in an operational process, this may include analyzing internal or external access points, sectors, and evolving cyber security threats.
A UK Research by ECSEPA team & Professor Madeline Carr developed a "Mapping the Landscape" tool to create an effective, interactive, and organized security landscape for the public service sector. visit : -
ECSEPA Map | RISCS "Security is an extensive field If you only think about Offensive/Defensive Security, one life is not enough to master it perfectly. " - CISSP. Md Showkat Ali.
A well-developed CTL defines the adversary's approach and should question your organization's operational process integrity, legitimacy, and legality and proffer threat informed defense as well as defense in depth.
Threat Landscape for industrial automation system statistics in 2022 by Kaspersky: Lab reveals the TOP threat SOURCES
H1 TOP THREAT SOURCE 2022 (IN OPERATIONAL INFRASTRUCTURE)
- INTERNET
- REMOVABLE DEVICE
- EMAIL CLIENTS
Top Global Cyber Threat Landscape trends (Report for first half of 2022 by FortiGuard Lab)
- Ransomware Roundup : 2x growth in ransomware variants in H1 2022.
- Wipers Widening : with the Russia-Ukraine war H1 2022 saw a surge of wipers malware designed to delete data.
- OT Vulnerabilities: Operational Technology (OT) products are highly targeted both for financial and political gain, OT Risk surged due to interconnectivity.May 2022.
- Zero-day: 2020 to June 2022, the average number of 0-day published every six months has consistently kept rising.
Understanding the need for Re-Defining your Cyber threat landscape:
The Heterogeneity of cyber attacks against Critical Information Infrastructures (CIIs), Personal Identifiable Information (PII), Electronically Stored Information (ESi), and other Business operational functions has exponentially increased, hence the need to define the threat landscape of an organization is crucial, to ensuring an improved security implementation strategy, a quality security posture as well as its processes trustworthiness.
However, the dynamically changing cyberthreat landscape requirements for developing an adequate (CTL) seem preposterous, as factors like;
defined threat perimeter, scope, and measurements are impacted by risk exposure, high severity of diversity in attack, new attack complexity, landscape regulations, trust boundaries, unknown threat, etc. are constantly causing a shift in CTL.
AN ORGANIZATION'S THREAT LANDSCAPE SHOULD BE RE-DEFINED CONSEQUENTLY"90% of all data today was created in the last two years – that's 2.5 quintillion bytes of data per day." – Domo, "Data Never Sleeps 5.0"
(GOOGLE CLOUD CYBERSECURITY ACTION TEAM)ENISA-CTL creates a functional methodology around threat Taxonomy,(NIST EU Derivative14 2016/1148,12007, CSIRT, EC3 CSA) and current security requirements, geared toward setting the direction for the CTL planning phase.
"Every Cyber Threat Landscape model should be:
Actionable,
Timely, and
Accurate" - (ENISA-CTL)
ENISA suggests CTL Documentation & Perspective of CTL architecture structure:
- Strategic (80%)
- Operational (61%)
- Technical/Tactical (53%)
ENISA-CTL Encapsulate different elements used to produce ETL (phases of CTL):
- Direction
- Data Collection
- Processing
- Analysis & Production
- Dissemination
Other observable considerations for CTL; are - threat
meta-characteristics, threat trends, agents, attack vectors, possibly evolution, etc. which can be used when Defining Threat Landscape in a continuous threat persistent environment. Increasing in Threat = impact in the threat landscape.
The scope of the threat landscape:The cyber threat landscape scope is cut across various sectorial domains, hence it should be designed based on the company's own process, infrastructure, and resources.
The CTL Data analysis stage involves the preparation of Data either manually or automated (A.i Such as using SAT application to provide CTL intel).
ENISA CTL 4 Categories based on Nature of Analytics: ( unaided expert judgment, structured analysis, qualitative and empirical analysis)
CTL should be built to counter current and future predictable risks (i.e CTL Threat modeling)
A quality CTL can provide valuable threat insights, risks evaluation and can be an ad hoc guide for prompt threat incidence and threat response decisions
According to ENISA;
ENISA- CTL uses Cyber Threat intelligence Frameworks such as:
MITTRE ATT&CK (TTPs), CYBERKILLCHAIN, OSINT, CSAM, META-ANALYSIS, OASIS STIX 22, CVE 21 to map best practices and investigate fundamental requirements to ensure cyber resilience.
3 Types of Cyber Threat Landscape Outlined by ENISA-CTL
- Horizontal Ctl
- Thematic Ctl (5g vulnerability & stakeholders)
- Sectorial Ctl
100% Security might be an illusion nevertheless having a clear understanding of " What to Protect and How to Protect " helps you connect to the right security strategy.
Some CTL Advisory:
- advocate data consolidation
- Avoid Unnecessary complexity when developing a personalized CTL (refer to ENISA-CTL 2021 For CTL Template).
- Validate CTL before Implementation or using any external CTL Products.
- Have a working CTL team
- Feedback is needed
- Consult experts
- CTL should be amended and managed timely
- Automation improves CTL detective and preventive speed.
"Threat Landscape is Known only when all possible Vulnerability has been Discovered. " - David OT
Source :
www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/enisa-threat-landscape-2020------------------------------
David Olugbenga
Cybersecurity Analyst
Cybersine
------------------------------