ENISA top threats of 2017 focus more on phishing
The EU’s information security agency, European Union Agency for Network and Information Security (ENISA), top threats of 2016 and 2017 have kept Malware, Web based attacks, and Web application attacks at the top of its list. What changed in 4th and 5th place are that Denial of Service and Botnets have been outranked by Phishing and Spam.
There has been a remarkable increase in spear phishing which resulted in new record highs of data breaches. 95% of successful attacks worldwide have been attributed to evading end-point detection through obfuscation and fraud (such as posing as a CEO.)
Recommended mitigation activities in the ENISA report include: Reliance on all inbound/outbound channels (not just end-point) including network, web, applications, mobile devices, etc; Efficient response by interfacing detection points with an incident management solution; Sharing malware information; Developing policies and role for case handling; Developing solutions to cover gaps; Ensuring regular updates of controls and adapting to new attack methods; and, regularly monitoring effectiveness of antivirus.