The threat landscape is the entirety of potential and identified cyberthreats affecting a particular sector, group of users, time period, and so forth.
What’s included in the threat landscape
The threat landscape is usually thought of as including the vulnerabilities, malware, and specific groups of attackers and their techniques that represent a danger in a given context.
By “context,” we mean the specifics of a particular sector, organization, or even individual, including the following (among many more):
- Possession of information of value to attackers;
- Security level;
- Geopolitical factors (some threats, APTs in particular, target organizations or people based in a particular country or region).
The threat landscape changes both over time and as a result of events with a significant impact on the organization, group of people, or sector for which the threat landscape is defined. For example, as a result of 2020’s large-scale shift to work from home, attacks targeting remote-access tools have surfaced on many companies’ threat landscapes. The following factors, among others, influence the threat landscape:
- The emergence and discovery of vulnerabilities that provide cybercriminals with new attack opportunities;
- The release of new software versions with additional functionality;
- The development of new hardware platforms, as well as the emergence of new approaches to data processing, such as the use of cloud services or edge computing;
- Global events such as the COVID-19 pandemic compelling organizations to make major changes to their infrastructure.
Why understanding the current threat landscape is important
Threat landscape analysis makes it possible to see potential information security problems facing a specific entity — a company, an individual, or a whole sector — and to take preventive measures by adopting a proactive approach to information security.