A skill shortage, vulnerable supply chains, and unpatched systems are among the ten cyber threats that will have the most impact by 2030, the European Union Agency for Cybersecurity (ENISA) foresees.
ENISA updated its foresight on cybersecurity by including two new additional threats to the top ten list. The comprehensive analysis of emerging cybersecurity threats projected for 2030 is an update to the report from two years ago.
On top of the list, the highest-ranking risk remains “Supply Chain Compromise of Software Dependencies,” which saw its impact and likelihood score decline slightly.
“This is considered as an after-effect of the expanding integration of third-party suppliers and partners in the supply chain, leading to new vulnerabilities and opportunities for attacks,” ENISA writes.
The ‘Skill Shortage’ threat has significantly moved up the ladder to take second position. ENISA is concerned about organizational willingness to develop talent and bridge the educational gap in cybersecurity.
“This appears to be closely connected to threats related to unpatched systems, as it interferes with the familiarization of staff with the multitude of tools at hand to update unpatched services that are vulnerable to exploitation,” ENISA explains.
In the third position, ENISA listed the “Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems” threat.
This is followed by the new threat in the top ten list: “Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem.”
The fifth threat, the “Rise Of Digital Surveillance Authoritarianism/Loss of Privacy,” shows a slight decline in both impact and likelihood, indicating a nuanced perspective on the long-term implications of digital surveillance practices.
The “Cross-border ICT Service Providers as a Single Point of Failure’ threats” have significantly moved up to sixth place due to growing concerns that can emanate from the growing ICT interconnectedness in critical infrastructure between EU Member States.
“Advanced Disinformation/Influence Operations Campaigns” remain a significant threat despite experiencing a slight decline in perceived prominence.
The two following threats are described as the “Rise of Advanced Hybrid Threats” and “Abuse of AI.”
“The rise of the ‘Abuse of AI’ threat can be considered an expected outcome of the widespread emergence of AI models in our lives and the relevant concerns regarding the growing reliance on AI,” ENISA explains.
The list is completed by a new entrant, the “Physical Impact of Natural/Environmental Disruptions on Critical Digital Infrastructure” threat.
“Persistent observation and assessment of the current threats and trends is key to achieving a higher level of cybersecurity. In this way, we better withstand today’s challenges and enhance our mitigation plans for the years to come,” Juhan Lepassaar, ENISA Executive Director, said.
Two threats were removed from the list. Those are:
- Lack of Analysis and Control of Space-based Infrastructure and Objects
- Targeted Attacks (e.g., Ransomware) Enhanced by Smart Device Data
“This suggests a reassessment of their immediate impact compared to other emerging threats,” ENISA explains.
Concerning trends
Twenty-four experts who participated in the study expressed concerns about emerging trends in cybersecurity.
Accelerating global interconnectedness is expected to lead to the increased political power of non-state actors. There are worries that the nation-states will struggle to keep up with their ability to control and regulate new evolving forms of interactions.
User data collection and behavior assessment are still experiencing a significant increase. While automation and improved targeting present significant opportunities, the challenges include “the need for accurate and context-aware analysis, addressing biases in behavioral profiling, acknowledging the potential limitations of data-driven models, and considering the adaptability of individuals in shaping the outcomes of behavioral analysis.”
Among other trends, experts noted the increasing reliance on automated data analysis for decision-making, the growing number of satellites requiring regulatory frameworks, the challenges associated with controlling personal data, and the rising energy consumption in digital infrastructure.
Your email address will not be published. Required fields are markedmarked