The European Union Agency for Cybersecurity (ENISA) publishes the executive summary of this year’s ‘Foresight Cybersecurity Threats for 2030’ presenting an overview of key findings in the top 10 ranking.
The following top ten list includes a revised line-up of the emerging cybersecurity threats to have an impact by 2030:
1. Supply Chain Compromise of Software Dependencies
2. Skill Shortage
3. Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems
4. Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem [New in Top Ten]
5. Rise of Digital Surveillance Authoritarianism / Loss of Privacy
6. Cross-border ICT Service Providers as a Single Point of Failure
7. Advanced Disinformation / Influence Operations (IO) Campaigns
8. Rise of Advanced Hybrid Threats
9. Abuse of AI
10. Physical Impact of Natural/Environmental Disruptions on Critical Digital Infrastructure [New in Top Ten]
Despite a slight decline compared to past years’ results in the overall score of impact and likelihood, ‘Supply Chain Compromise of Software Dependencies’ remains the highest-ranking threat. This is considered an after-effect of the expanding integration of third-party suppliers and partners in the supply chain, leading to new vulnerabilities and opportunities for attacks. ‘Cross-border ICT Service Providers as a Single Point of Failure’ threats have significantly moved up due to growing concerns arising from the increasing ICT interconnectedness in critical infrastructure between Member States.
It is also notable that ‘Skill Shortage’ threats have significantly moved up the ladder to the top threats, moving from the end of the list to second place. While efforts have been focused on addressing the skills shortage challenge, organisational willingness to develop talent and bridge the educational gap still remains a concern in cybersecurity. This appears to be closely connected to threats related to unpatched systems, as it interferes with the familiarisation of staff with the multitude of tools at hand to update unpatched services that are vulnerable to exploitation.
Other key takeaways of the threats review are the addition of the ‘Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem’ and the ‘Physical Impact of Natural/Environmental Disruptions on Critical Digital Infrastructure’, as a result of a shift in perceived impact and likelihood score.
Likewise, the rise of the ‘Abuse of AI’ threat can be considered an expected outcome of the widespread emergence of AI models in our lives and the relevant concerns regarding the growing reliance on AI. This led to the exclusion of the ‘Lack of Analysis and Control of Space-based Infrastructure and Objects’, and ‘Targeted Attacks (e.g. Ransomware) Enhanced by Smart Device Data’ threats from the top ten list.
Read the full press release on “enisa.europa.eu”
Download (.pdf file, 603KB) the Foresight Cybersecurity Threats For 2030 – Update 2024: Executive Summary – “enisa.europa.eu”