The European Union Agency for Cybersecurity (ENISA) has identified and ranked the 10 top cybersecurity threats to emerge by 2030, after engaging in an 8-month foresight exercise.
ENISA’s Top 10 emerging cybersecurity threats are:
- Supply chain compromise of software dependencies
- Advanced disinformation campaigns
- Rise of digital surveillance authoritarianism/loss of privacy
- Human error and exploited legacy systems within cyber-physical ecosystems
- Targeted attacks enhanced by smart device data
- Lack of analysis and control of space-based infrastructure and objects
- Rise of advanced hybrid threats
- Skills shortage
- Cross-border ICT service providers as a single point of failure
- Artificial intelligence abuse
With the support of the ENISA Foresight Expert Group, the CSIRTs Network and the EU CyCLONe experts, ENISA brainstormed in a Threat Identification Workshop to find solutions to the emerging challenges in the horizon of 2030.
ENISA Executive Director, Juhan Lepassaar declared: “The mitigation of future risks cannot be postponed or avoided. This is why any insight into the future is our best insurance plan. As the saying goes: “prevention is better than cure”. It is our responsibility to take all measures possible upfront to ensure we increase our resilience over the years for an improved cybersecurity landscape in 2030 and beyond.”
The exercise shows that the threats identified and ranked stand as extremely diversified and include those most relevant today. However, ENISA says today’s threats will remain to be addressed as they will have shifted in character. The agency also observed that increased dependencies and the popularization of new technologies are essential factors driving the changes. Such factors add to the complexity of the exercise and thus make understanding the threats even more challenging.
Performed between March and August 2022, ENISA’s methodology included collaborative exploration based on the analysis of political, economic, social and technological factors also known as PESTLE analysis, threat identification and threat prioritization workshops.
The study considered the four groups of threat actors as referred to in the ENISA Threat Landscape report and used the current threat taxonomy dividing threats into high-level categories with a specific focus on intentional threats.
In order to identify threats, experts involved in the project resorted to science fiction prototyping or SFP. SFP consists of stories allowing participants to explore a variety of futures approached by different angles. SFP is based on a future scenario derived from trends and experienced from the point of view of a fictional character.