
Supply Chain Attacks Top Cyber Threat for 2030 – ENISA

The European Union’s leading cybersecurity agency predicts that ‘Supply Chain Compromise of Software Dependencies’ will be the most prominent cyber threat in 2030

 

Software supply chain attacks are the most concerning threat EU organizations could face in 2030, according to the European Union Agency for Cybersecurity’s (ENISA’s) 2024 update of its Foresight 2030 Threats.

 

For the second year in a row, ‘Supply Chain Compromise of Software Dependencies’ was the highest-ranking threat in the European cybersecurity agency’s predictive report, published in March 2024.

 

This is despite a decline in the threat’s overall impact and likelihood score compared to past years’ results.

 

“More integrated components and services from third-party suppliers and partners could lead to novel and unforeseen vulnerabilities with compromises on the supplier and customer side,” ENISA wrote in the updated report.

 

The agency estimates that this threat could come from both nation-state and cybercriminal groups, which are likely to conduct sabotage, theft, and network reconnaissance campaigns, as well as inject malicious code into commodity software.

 

This threat’s potential impact ranges from data leakage and loss to malfunction and disruption.

 

Human Error, Legacy Systems Still Top Threats

 

The top three also remain untouched compared to 2024’s ranking, with ‘Skill shortage’ as the second most prominent threat and ‘Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems’ as third.

 

However, a new threat, ‘Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem,’ has been added to the top five.

 

Top ten ENISA cyber threats for 2030:

 

  1. Supply Chain Compromise of Software Dependencies
  2. Skill Shortage
  3. Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems
  4. Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem (New)
  5. Rise of Digital Surveillance Authoritarianism / Loss of Privacy
  6. Cross-border ICT Service Providers as a Single Point of Failure
  7. Advanced Disinformation / Influence Operations (IO) Campaigns
  8. Rise of Advanced Hybrid Threats
  9. Abuse of AI
  10. Physical Impact of Natural/Environmental Disruptions on Critical Digital Infrastructure (New)

 

AI and Deepfake-Related Threats Looming

 

Other cyber threats cited in ENISA’s report that do not make the top ten include ‘Manipulation of Systems Necessary for Emergency Response,’ ‘Tampering with Deepfake Verification Software Supply Chain’ and ‘AI Disrupting/Enhancing Cyber-Attacks.’

 

The first edition of ENISA’s Foresight 2030 Threats report was published in 2023.

 

The agency uses this report to increase awareness of future threats and countermeasures among stakeholders in its member states and in EU institutions, bodies, and agencies (EUIBAs), in line with the institution’s sixth strategic objective, ‘Foresight on Emerging and Future Cybersecurity Challenges.’

 

The ranking is the result of ENISA’s research, which follows an in-house cybersecurity foresight methodological framework grounded in foresight research and future studies.

 

This framework was developed in 2021 in collaboration with the Ad-Hoc Working Group, which includes futurists, sociologists, forecasters, and foresight experts.

 

Source: ENISA
