ENISA, the EU Agency for Cybersecurity, has published The ENISA Threat Landscape 2022 (ETL) report. The long-running annual publication looks at the current state of the cyber security threat landscape. The 10th edition covers a period of reporting starting from July 2021 up to July 2022.
Ransomware is still a prime threat, with phishing now identified as the most common initial vector of such attacks. Distributed Denial of Service (DDoS) attacks sit alongside ransomware as a top threat.
The challenging geopolitical situations during the report period, particularly the Russian invasion of Ukraine, have acted as a ‘game changer’ says the report, and the emergence of a wider range of vectors such as zero-day exploits and AI-enabled disinformation and deepfakes have added to the growth in damaging impacts.
Threat analysis across sectors
Added last year, the threat distribution across sectors is an important aspect of the report as it gives context to the threats identified. This reveals that the top sectors targeted are public administration and governments (24 percent) and digital service providers (13 percent).
An impact assessment of threats reveals five types of impact: damages of reputational, digital, economical, physical, or social nature. Although for most incidents the impact really remains unknown because victims fail to disclose information or the information remains incomplete, says the report.