ENISA Network Case Study: Overview, Security Information, Insider Threat Strategies, Top Threats, And Threat Agents

Overview of ENISA Network Case Study

Discuss about the ENISA Network Case Study.

The European Union Agency Network and Information Security is an information security network that has a proficiency with the member of state and the European masses. The ENISA has a group that mainly helps to these high network agencies and states and gives a guidance on some quality and information surveillance that can be notices in the further discussion. ENISA helps to the member states and helps in the EU legislations with a wiese facility that enhances the flexibility and the vital information to the other networks (Zimmerman & Glavach,  2011). This is helpful in the contribution of the networking and information with special features that makes the augmenting capabilities in the member state as a supplement which expands the associations and the cross border relation with the information security and the helps of network enhancement with the EU (Taylor, 2010).

There are board of managements that include in the organizational structure, the director, stakeholders and the executives that work in group while achieving the objective of the system and helping the networking area. The main objective of ENISA is the enhancement of the EU and the capability that helps in the commission and the member state to solve the relevant problems of NIS (Pál Michelberger & Csaba Lábodi, 2012). The assistance is also provided by the ENISA and an advice that matters in the NIS while there are some rules and regulations that are been set with the NIS. There is a high level of specialists and expertise that is been provided and this smoothens the main functions with the public and the private sector with a particular supervision of technical work a particular area of NIS. The task of the agency was to provide the information and the exchange of data to the EU institutions and the related member of states that require the information. The CERT’s network is commonly promoted and the standardization of the network is provided by ENISA to make sure that the information goes smooth and in flow (Leibolt, 2010).

The risk assessment is been focused along with the risk management that is conducive and helps to mainly implement the strategies and the best practices as mentioned. There is an awareness of the risk and the network when it comes to the security and the safety purpose of the NIS problems and issues. This states that the scope and the activity is diversified while promoting the activities that need reduction of risks and its activities in public and private sector (Krutz & Vines, 2010).

ENISA Security Information

There are number of issues and problems that are emerging these days and they are threats which are merely connected with the security issues, this may probably require the concern with the subjective security in the companies (Choo, 2011). There is a detailed research that has been derived with the debates and arguments by the experts and the authors while analyzing the scope of material that is available in the network security. There are areas that are created as an emerging network with the internet and the smart phones that require security infrastructure. The advanced technology has some bitter truth that reveal (Hoopes, 2012).

Cloud computing: this is a feature that has the latest and the advanced technology which is mainly allowed to keep the information and store it in a high level of security which is needed the most these days (Grubor & Njeguš, 2012). The Cyber Physical system is the latest and the advanced way of protecting the information which is at a high end and has a critical analysis and information which can save the the quality information that is mainly engineered by the smooth operations of the specialists (Grance et al, 2005). Mobile computing is concerned with the role of automobiles such as mobile and is considerably an initiative to protect the upcoming generations that is the most needed security in the mobiles. There is a base that is attached with the security concern as it has a technology union which is an important characteristics for the mobile users while downloading certain applications in the mobile (Gottlieb,  2012).

Trust infrastructure is basically the authenticated structure which is a dependent infrastructure in real life and helps to contribute the advanced technology with the important scope that is needed as a cyber security now a day. There are drastic changes that are introduced these days and these are the threats that need to be controlled with innovation. It emerges as the latest and the ever lasting trend int eh cyber security concern (Gorzelak et al, 2011).

 

Figure 1: ENISA Network System

Reference: Researcher Own Model 

Internet smart environment is the smart surrounding environment with the connected device that has been in most of the sectors. This environment generally leads to a environment that has sufficient concenr regarding the infrastructure and the security (Erickson, 2012). With the Big Data concern, it is an unexplored function and an area that represents and contributes significantly in constructing an intelligence that may reduce threat in the management and the information technology department (Khonji et. al, 2013).

Insider Threats and the Strategies

Insider threats can remove or steal the information with variety of reasons that can be exposed in the network. There is a certain degree where the insiders may entitle the degree of threat for a company and may steam information of the company which is called as maneuver. At numerous level, these should be analyzed because it can damage the company with its personal information and the threat arise at a higher degree. There are risk allevation strategies that can be applied at the early statge when the threats become destructive or are motivated while not paying an attention to the threats. There are many such type of insider threats which are harmful are are described in brief as follow (Gulenko, 2013).

Careless insiders mainly are the threats which press the wrong key and are simply a danger to the company so these should be modified and there are critical information that can be safeguarded when it is useful. Malicious insiders are the most frequent threats which have the potential threat at a high level and are caused with a damage once they enter in the system. this is all because of the internal access that has been allowed to some of the employees of the company. As such the users with certain privileges can identify and this is the most hazardous insider threat (Algarni et al, 2013). This is an information that is moreover a result which causes a malevolent assaults with a major expensive threat.

Exploited insiders mainly are observed as hoaxed that have some external parties which help to give information or the identities and the passwords that shoud not be provided to any party. There are some measures and ways that can be characterized with the insider threats such as an effective program can be implemented that may help to safeguar the data which is important and the past threats would be observed with the lessons. The diminishing of the partners can be done that allow the access of the information to the company. the behavior can be suspected and all od the suddent there can be resignations and termination of contracts if the threats prevail in the company (Brandon Atkins & Wilson Huang, 2013). The privacy issues that are given to the employees and the relevant staffs should be noticed so that there are no chances of insider threats and the company’s information can be protected.

Top Threats

The cyber threats these days are emerging and there are top threats that can be considered by the company with a significant increase in the threat which matters in quality and the quantity of threats. There are some recorded threats that are web based, DDoS threats, Phishing, etc. As considered with the number of threats that spread a cohesive information regarding a company, the most recent threats are categorized. The private information is collected while these threats prevail in the company. At this end the identity threats are noticeable with some companies that exaggerate the important identities, personal profile, important credentials, information regarding the credit card and the debit cards, accessible codes, financial statements or as such some technical data which is the most important for the cyber criminal (Algarni et al, 2013).

This is the private information, which is called as Personal Identification Infromation in the technical language abbreviated as PII. This is not free as such from the overlap of the infroamtion or the data breach that can be analyzed effectively while leakage of the information is felt in this situation. There are certain matter that are targeted and are planned by the cyber terrorists to achieve some information, as such it is an individual threat that is called as a valuable asset wit the PII that is often targeted in the cyber space attacks. PII is a part of information or a data that is a subjective matter and leakages the private information that can be considered with applicable sources which are important in the company. there are many issues that are related with the threat and is a theft wherein the consumer faces many issues while detecting the fraud that is mainly observed in different situationsthat have some financial constraints and thereby fraud is observed seemingly with a consumer mistrust activity and digital means that is mainly in the financial transactions (Ahamad et al, 2008). 

Threat agent can be defined as any person or a thing that acts to carry, cause, transmit, or support a threat. Within the performed analysis several threat agent libraries have been found out. There are three major factors for a threat agent to be able to exploit vulnerability: the capability factor, motivational factor and opportunity. There are several characteristics of threat agents such as access, objective, intent, skills, resources, motivation etc (Okenyi & Owens, 2007). The characteristics of these threat agents are evolving and they are subjected to change and as a result of it continuous threat agent identification method is must. Following are some of the key threat agents impacting the system:

Threat Agents

Cybercriminals: They are hostile by nature with a motivation of financial gain and are highly technically skilled and well equipped. Most of the incidents observed are from this group of threat agents. These people make use of high performance computing equipments and technology and are a part of well organized groups.

Corporations: It refers to the organizations that adopt offensive tactics and are considered as hostile threat agents with the motivation to build competitive advantage over their competitors. Their aim is to gather business intelligence, stealing competitive information, or to cause even damage to the competitors (Marinos, 2013).  It is also possible that a corporation can heir a salaried threat agent from some other group to accomplish the objectives.

Online social hackers: From amongst all the groups this group is considered a part of criminal activities. These social hackers are equipped with at most social engineering knowledge and can very well understand the behavior and psychology of the victim. Major tools that are used here are analysis of social engineering information, study of profile of the victim etc. Social networking is on its peak and with the increasing use of it these group will play a significant role in cyber attacks (Choo, 2011).

Hacktivists: Hacktivists is emerging as a new trend in threat agents. These groups are motivated socially and politically and make use of computer systems in order to promote and protest for their objectives and cause. The major victims for these groups are high profile websites, intelligence agencies, corporations etc.

Employees: This group refers to a number of people ranging from staff, contractors, guards etc. They are considered as hostile and well as non hostile threat agents having access to the organization’s resources and passing it to other in order to achieve the objective. There are several steps that can be done to avoid such attacks in future such as identification of the threat agent, containment of the threat agent, forensic investigations recover and report and share the threat data.

The social networking websites are not just for communication or to interact but are also a very good tool for business corporations for their promotions and with the increased number of social networking users, the hackers steal the personal information about the victim and send unauthorized messages called spam and as a result of this the ratio of social hacking is also increasing to a great extent. Social networking sites such as Facebook, Twitter etc have become an integral part of day today life which is immensely influenced by the IT. Lately social networking has attracted thousands of users which represents potential victims for the social hackers. There are several ways in which an attacker can obtain their objective through the use of social engineering techniques such as phishing, baiting, physical baiting , watering hole attack, spear phishing etc. 

Phishing is one of the forms in social engineering in which the attackers try to acquire the sensitive information about the victim by representing as a trustworthy third party. Taking an example a hacker will represent himself as an online auction site without even knowing anything about the recipient. The attacker would try and gain the trust of the victim first by gathering the information about their bidding and purchase preferences. This kind of phishing attacks can be successful by means of publically availability of personal information about the victim on the social networks. In social hacking, social engineering refers to manipulation of an individual in order to make them do certain actions which are useful for the hackers. Social engineering requires common aspect of life such as knowing human psychology in terms of courtesy, greed, apathy etc of the victim.

It is basically used to transfer the malicious software forming a part of the attack in order to gain additional information and obtaining the access to the secure systems. One of the other wide scale attacks is baiting which make use of online advertisement and websites. This advertisement contains offers that are too good with an urgent warning. The user is allowed to browse something or stream a video which a victim’s system will prompt or detect a problem with, which is solved by a victim clicking on it. Though the successful social engineer will get around the securities but there are several things that can be done to avoid social attacks such as spam filters, antivirus software etc.

In the era of modern technology, where the cyber usage has been increased at a jet speed, the infectious behavior of the cyber criminals has also been spread around with its maliciousness. In the earlier days, spam and phishing had been the major vector of transporting for the malevolent code, but in recent the web based viruses and browser supported exploits are leading the trend. Web based attacks have spread its arms with an in-depth corrupting the computer systems and affecting it to the core. Malwares and Trojans have been consistently thinning out and severely affecting the ENISA with the highest effect and progressive in nature. Such attacks are risking the systems to an extent of crashing them. Amongst the decreasing trend, exploit kids, effects of theft, scare ware and web based attacks have been exhibiting risks on a lower side.

However, to the list of decreasing trends, even botnets, spamming, phishing, etc are also to be included. Denial of Service (DdoS) has proved to be an adversary and been defining it to be harmful for the systems to survive. In the upward trend of increase in the Trojans and web based injections, it has become apparent for the business houses and the ENISA to combat with utmost security and take relative measures as pertinent to the threats arise. Many of the threats emerged have been the cause of including to cyber crime and this is the significant eye catching incident in the threats emerging in these modern world. As per the relevant trends in the threats, the breach of information with regards to the highly integrated system inside the organization also hinders the firm’s privacy and need to be dealt with utmost concern (Nilkund Aseef et al, 2005).

Hackers have been using sophisticated methods to widespread the paws of its malicious codes. Such threats have been leading to problems of breach of information, leakage of institutional secrets, blocking of private and confidential data, easy access to the personal mails, photos and all other related information  (Northcutt et al, 2011). To safeguard these means of privacy and information, various preventive measures have been taken which has been paused the effect of such malicious code on the systems and their information to an extent. However, in all this methods and measures authorization has played a vital role for the frequent and trouble-free right to use to the individuals. Henceforth, we can see such type of trend in threats in this world of modern technology with its positive as well negative effects over the people’s lives.

ENISA Threat Landscape (ETL) is a consolidation of top cyber threats and budding trends of threat in a variety of technological and application areas. It provides a wide range of relevant references for the base of analysis of cyber threat assessment. ETL provides the expanded information on the vector attacks, graphic demonstration of means of attacks, targeted audience and subjugated vulnerabilities. ENISA has formulated its threat intelligence to deal with issues of threats assessment inclusive of stake-holders needs and making growth in area of threat intelligence. With due respect to the legislations of the EU regulations, ENISA has given importance to cyber security and the up roaring threats (Dong, 2009).

ETL process can be improved by means of appointment of such creative individuals who aims to develop cyber security measures and effectively contributing in calculated, premeditated and well equipped levels of security administration (Parfomak, 2008). ETL is a source comprising of varied information of threats analysis in areas of technology and cyber threats, proving to be boon for non-experts. A fully dedicated cluster of individuals who makes sure that the threats are analyzed in depth and takes in consideration the risks in the system. Companies should devote at some level, some specially individual oriented and particular technologies to fetch the information usable to execute researches (Waxman & Matthew, 2011).

This would be in benefit of the ENISA to find out the area of improvement and means of improvisation which needs essential focus. Such recommendations are being observed and prove to be helpful to maintain with accurate record which would enhance the performance of the ENISA and its reliability. Identified and improved ETL processes would help to tackle the identified errors and the vector attacks with high security measures (Jaishankar, 2007). The security matters have been generated as per the requirements of the company and ETL would be an aid to such security issues to curb the cyber threats in an organization.

Planned security controls, managerial decisions related to the emerging threat trends, policy recommendations related to security and analysis of the information supporting the policies, are the other suggested improvements to improvise the ETL process. In time identification of the emerging threats, evaluation of the techniques to overcome such security barriers, consideration of related measure to overcome such barrier and then implementation of exact threat landscape would make the perfect ETL a success.

For every one minute, half a million of attacks are corrupting the cyber space. With the increase in machine to machine attacks a huge play ground for the vectors to spread its malicious codes into inters connected system (Vivek Anandpre et al, 2007). With inter connected devices, or “Internet of Things” the promptness for the hackers has been fully flourished. This happens to be a barrier to prosper with the growth of attacking surface. Connected devices are hardly secure and due to such proliferation, the number of attackers is to reach sky. In the upcoming years, the advancement of mobile and cloud technology, simultaneously eruption of Internet of things, leads to the rise security and risk managing measures.

ENISA is a hub of meticulous information collected by all means of various important sources and utilized for the analysis and assessment of the threat agents and their effect on the cyber space. In such situation, it becomes evident for the ENISA to combat with its threats and also take effective security measures that would safeguard the files and records (Yeboah-Boateng, 2013).  Even the cloud structure and big data has proved out to be one of the biggest threats to which ENISA might need to consider and also make pre-hand arrangements to fight them. In this era of latest and modernized technology, ENISA’s threat landscape needs to be strong enough to portray a very potential cyber threat barrier.

The most prominent threat emerging in the forthcoming years are of malicious code and the DDoS attacks. Such threats can be detected with the security installed in the databases of the company and the IT systems. The Trojans and bots are also one of the emerging threats to which ENISA need to make its resources useful and exploit them to its fullest to combat such threats. Hackers will be utilizing sophisticated methods to renew their malicious codes in the cyber systems. Mobile computing, cloud computing are an easy modes to attack public and private network as well corporate networks.

The threats are evolving so much due to a constant detection by the hackers on the security tactics and they make a constant effort to understand the law enforcements and security vendors which would contribute to safeguarding the threats (Hui Wang et al, 2006). Henceforth, ENISA need to combat such new threats in the upcoming years and also make prominent measures to safeguard the security systems and protect its data, records and information from the malwares and malicious codes.

There are various efforts that has been put by ENISA which is reported and observed, it helps to majorly reduce the attacks of cyber crime and helps to reduce the virus and hacking that has been a common trend these days (Cyber Threat Intelligence Group, 2015). There are major threats that cannot be overlooked and this aims to be the objective of the ENISA, at some stage these threats cannot be treated or cannot be detected at the first hand because the virus has been spread in the system and it becomes a difficult task that is significantly been noticed. This affects the system and there are some similar risks that are attached which shall be addressed frequently by ENISA. ENISA should be partially satisfied with the current state of the security it provides to the firms and the member of states because as such there are certain threats that are not under control, still it tries to improve in each direction with the help of advanced technology that is noticed in ENISA.

The security should be conveniently more authorized with the legal imperatives that are observed in the nature. Security is the main issue and ENISA should be robust that may help in reducing the attacks in the near future while there are business threats that can be noticed which affect the company and in a major way (Nilkund Aseef et al, 2005).  There is a comparison that states that the ENISA system should have a huge security as an increase in the cyber threats are impacting the system and the companies. The threats and risks that ENISA has covered are in numbers and these are dangerous with an extreme level of threats that can be witnessed as the disaster in the near future, so the system tries to reduce and detect the threats. It is satisfying while there are opportunities that can be led to cover these threats in the future with a high level of frequency used in the information and technology  (HP Fortify, 2014).

References

1. HP Fortify (2014). “Internet of Things Research Study: 2014 Report.” Hewlett Packard, 29 Jul 2014.
2. Cyber Threat Intelligence Group (2015). “Web Data Reveals ICS Vulnerabilities Increasing Over Time.” Recorded Future Blog. Recorded Future, 9 Sep 2015.
3. Hui Wang, Shufen Liu, injia Zhang. (2006): A Prediction Model of Insider Threat Based on Multi-agent. 2006 1 st International Journal of Future Generation Communication and Networking Vol. 3, No. 2, June, 2010 Vol. 3, No. 2, June, 2010 40 International Symposium on Pervasive Computing and Applications, 2006
4. O.Yeboah-Boateng(2013) , “Of Social Engineers & Corporate Espionage Agents: How Prepared Are SMEs in Developing Economies?,” Journal of Electronics & Communications Engineering Research (JECER), vol. 1, no. 3, pp. 14-22, November 2013.
5. Vivek Anandpare, Andrew Dingman, Markus Jakobsson, Debn Liu & Heather Roinestad (2007), “Phishing IQ Tests Measure Fear, Not Ability,” 2007.
6. Jaishankar (2007), “Establishing a Theory of Cyber Crimes,” International Journal of Cyber Criminology, vol. 1, no. 2, July 2007
7. Dong (2009), “Defending Against Phishing Attacks,” University of York, 2009.
8. W. Parfomak (2008) CRS Report for Congress “Vulnerability of Concentrated Critical Infrastructure: Background and Policy Options”
9. Waxman, Matthew C.(2011), ‘Cyber-Attacks and the Use of Force’, The Yale Journal of International Law 36 (2011), 421–59.
10. Stephen Northcutt et al. (2011), Security Predictions 2012 & 2013 – The Emerging Security Threat,
11. Nilkund Aseef, Pamela Davis, Manish Mittal, Khaled Sedky, Ahmed Tolba (2005), Cyber-Criminal Activity and Analysis,White Paper, Group 2.
12. Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research directions.Computers & Security, 30(8), 719-731.

1. Marinos, L. (2013) ENISA Threat Landscape Overview of current and emerging cyber-threats European Union Agency for Network and Information Security December, 2013. 

1. Okenyi, P. O., & Owens, T. J. (2007). On the anatomy of human hacking. Information Systems Security, 16(6), 302- 314. 

1. Ahamad, M., Amster, D., Barrett, M., Cross, T., Heron, G., Jackson, D., & Traynor, P. (2008). Emerging cyber threats report for 2009

1. Brandon Atkins, Wilson Huang (2013), “A Study of Social Engineering in Online Frauds”, Open Journal of Social Sciences2013. Vol.1, No.3, 23-32 Published Online August 2013

1. Algarni, A. et. al. (2013). Social Engineering in Social Networking Sites : Affect-Based Model. The 8th International Conference for Internet Technology and Secured Transactions (ICITST). 9-12 December. London, United Kingdom : IEEE, 508-515.
2. Gulenko, I. (2013). Social Against Social Engineering: Concept And Development Of A Facebook Application To Raise Security And Risk Awareness. Journal of Information Management & Computer Security. Volume 21(2), 91-101. Emerald Group Publishing Limited. 

1. Khonji, M. et. al. (2013). Phishing Detection: A Literature Survey. IEEE Communications Surveys & Tutorials. Volume 15(4), 2091-2121. IEEE. 

1. Erickson, T. (2012). IDS, “Digital Universe Study for EMC Corp., SearchStorage.com,” The Security Help Net News, 2012 

1. Gorzelak, K., et al.(2011). “Proactive Detection of Network Security Incidents,” ENISA, 2011 

1. Gottlieb, J.(2012). “Key Challenges in Proactive Threat Management, CEO of Sensage,” The Security Help Net News, 2012 

1. Grance, T., Chevalier, S., Kent. K. & Dang, H. (2005). “Guide to Computer and Network Data Analysis:” Applying Forensic Techniques to Incident Response, NIST Special Publication 800-86, 2005 

1. Grubor, G. & Njeguš, A.(2012). “An Application of Proactive Digital Forensic in Cloud Computing Environment,” International conference TELFOR. Belgrade, 2012 

1. Hoopes, J.(2012). “Virtualization for Security,” Syngress, ISBN: 1597493058, 2012 

1. Krutz, R. L. & Vines, R. D. (2010). “Cloud Security: A Comprehensive Guide to Secure Cloud Computing,” Wiley Publishing, https://23510310jarinfo.files.wordpress.com/2011/08/ebooksclub-org_cloud_ security_a_comprehensive_guide_to_secure_cloud_computing.pdf, 2010 

1. Leibolt, G.(2010). “The Complex World of Corporate Cyber Forensics Investigations,” Springer’s Forensic Laboratory Science Series, 2010 

1. Pál Michelberger Jr., Csaba Lábodi, (2012). “After Information Security – Before a Paradigm Change (A Complex Enterprise Security Model),” Acta Polytechnica Hungarica, Journal of Applied Sciences, Volume 9, Issue Nr. 4, 2012 

1. Taylor, P. (2010). “Proactive Forensics in the Workplace, Litigation and Forensics, Data Recovery Services,” Inc. www.legalforensics.com, 2010 

1. Zimmerman, S., Glavach, D.(2011). “Cyber Forensics in the Cloud,” The Newsletter for Information Assurance Technology Professionals, 4, No. 1, pp. 4-7, 2011