Threat Landscape
What is Threat Landscape?
Threat Landscape: Current picture of the threats facing an organization, sector, or region: actors, tactics, malware families, vulnerabilities, and trends over time.
The threat landscape is the dynamic, contextual view of what is attacking whom, with what tools, and why. It includes nation-state and criminal actors, ransomware crews, hacktivists, insiders, and automated bot armies, along with their preferred techniques mapped to MITRE ATT&CK. Key inputs are commercial and open-source threat intelligence, ISAC sharing, ENISA and NCSC reports, CISA advisories, and incident response post-mortems. Threat-landscape understanding shapes risk assessments, security investments, tabletop exercises, and detection engineering. It is sector-specific: banks, healthcare, manufacturing, and SaaS each face different prevalent threats.
● Examples
- 01: The 2024 ENISA Threat Landscape report highlights ransomware, supply-chain attacks, and AI-enabled phishing.
- 02: A healthcare CISO prioritises ransomware and hacktivist DDoS after the latest sector ISAC advisory.
● Frequently asked questions
What is Threat Landscape?
Current picture of the threats facing an organization, sector, or region: actors, tactics, malware families, vulnerabilities, and trends over time. It belongs to the Compliance & Frameworks category of cybersecurity.
How do you defend against Threat Landscape?
Defences for Threat Landscape typically combine technical controls and operational practices, as detailed in the full definition above.
● Related terms
- Threat Vector (compliance, № 1151): Channel or means through which a threat actor can deliver an attack, often used interchangeably with attack vector but with broader, threat-modelling connotation.
- Attack Vector (compliance, № 073): Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials.
- Attack Surface (compliance, № 071): Sum of all points where an attacker can attempt to enter, extract data from, or manipulate a system, including networks, software, identities, supply chain, and people.
- Threat Modeling (appsec, № 1150): A structured analysis that identifies the assets, threats, vulnerabilities and mitigations of a system so security can be designed in rather than bolted on.
- MITRE ATT&CK (compliance, № 687): A globally accessible knowledge base of adversary tactics and techniques observed in real-world attacks, maintained by MITRE.
- Cyber Threat Intelligence (CTI) (defense-ops, № 266): Evidence-based knowledge about adversaries, their motivations, and methods, used to inform defensive decisions and prioritize controls.