Big data and the Internet of Things are the new digital battlefields in the cyber-threat landscape, the European Union Agency for Network and Information Security (ENISA) has reported in its recent 2013 threat landscape review.

In a year which ENISA says brought both good and bad developments, other findings were that threat agents have increased the sophistication of their attacks and their tools, and that not just a handful of nation states, but rather multiple nation states have now developed capabilities that can be used to infiltrate all kinds of targets – both governmental and private – in order to achieve their objectives.

Cyber-threats have also been observed to go mobile, with attack patterns and tools that targeted PCs a few years ago now having been migrated to the mobile ecosystem.

The review identifies the top threats – almost all of them also on the increase – as drive-by downloads, worms/trojans, code injection, exploit kits, botnets, physical damage/theft/loss, identity theft/fraud, denial of service, and phishing.

Data breaches, information leakage and targeted attacks are also among the top emerging threats for big data and the Internet of Things.

Among the positive developments observed in 2013, ENISA notes successes by law enforcement, the quality of information pertaining to cyber-threats which is facilitating threat analysis, and the increase in speed with which vendors are responding to threats and vulnerabilities via updates of their products. Cooperation among relevant organizations to commonly assess and defend cyber-threats has been envisaged and is expected to gain speed in the near future.

In its conclusions, ENISA finds the following needs:

  • Actively involve end-users in the defense of cyber-threats
  • Increase cyber-threat intelligence by creating and disseminating appropriate knowledge and by coordinating activities of relevant organizations
  • Increase the speed of threat assessment to reduce exposure
  • Invest in research to enhance appropriateness of security policies and security controls.

View ENISA’s Threat Landscape 2013 HERE