How cyber security history repeats itself


In late October 2021, the European Union Agency for Cybersecurity (ENISA) published its Threat Landscape Report. Now in its ninth edition, this report should be considered the primary source material for IT professionals serious about addressing cyber threats and mitigating cyber risk.

This is true irrespective of whether you have a technical or corporate risk background. It’s a subject that could easily fill a book, but let’s focus instead on three issues raised by the report. Ignore them at your peril.

Email-related threats (that fool humans)

The report distinguishes email-related threats, which exploit weaknesses in the human psyche and our everyday habits, from technical vulnerabilities in information systems. It’s fair to say that familiarity with awareness and training programmes was heightened in 2021 as unsavoury phishing training practices hit the headlines on both sides of the Atlantic.

In the UK, West Midlands Trains suffered significant public backlash for entrapping its staff with an email containing a lure that promised a bonus to staff for their loyalty and commitment throughout COVID-19. Change the location to the US, and the business involved to…
