Top Emerging Cybersecurity Threats (and How to Mitigate Them)

Just as your organization thinks it is prepared, new cybersecurity threats appear.

In March 2023, the European Union Agency for Cybersecurity (ENISA) published its list of the 10 top cybersecurity threats to emerge by 2030.

Based on an eight-month foresight exercise, the threats identified are still relevant today, but will have shifted in character, prompting ENISA to declare that the cybersecurity community must “…take all measures possible upfront to ensure we increase our resilience…”

    The Top 10 New Emerging Cybersecurity Threats

    Ranked in order, below are some of the most alarming threats identified by ENISA, plus suggested remediation actions your organization can take to ensure cyber resilience:

    1. Supply chain compromise
    2. Advanced disinformation campaigns
    3. Rise of digital surveillance authoritarianism/loss of privacy
    4. Human error and exploited legacy systems within cyber-physical ecosystems
    5. Targeted attacks enhanced by smart device data
    6. Lack of analysis and control of space-based infrastructure and objects
    7. Rise of advanced hybrid threats
    8. Skills shortage
    9. ICT service providers as a single point of failure
    10. Abuse of AI

    1. Supply chain compromise

    The software supply chain is already the weakest link in most organizations’ networks—and the threat is expected to get much worse in the coming years.

    As the market demands quicker software release cycles, ENISA predicts that software developers will reuse code and rely more heavily on open-source code libraries.

    Many of these components will not be scanned for vulnerabilities, creating more opportunities for malicious actors to compromise the supply chain.

    Transparency into the supply chain is essential to mitigating software supply chain attacks, but it will require more than traditional vendor security assessments.

    Instead, your organization must continuously monitor the supply chain for emerging risk—during onboarding and for the duration of a vendor contract. Read more about how Bitsight ensures unprecedented visibility into supply chain risk.

    2. Advanced disinformation campaigns

    In 2030, nation states and non-state actors will expand their disinformation capabilities to manipulate communities using advanced artificial intelligence (AI) techniques to propagate deepfake attacks.

    In deepfake attacks, threat actors impersonate their targets, such as political rivals or corporate executives, to spread targeted messages, videos, and comments and influence public opinion.

    A variety of methods can be used to propagate these attacks, including fraud, identity theft, unauthorized access, session hijacking, abuse of personal data, and more.

    To mitigate this threat:

    • Develop a plan to expand end-user awareness of deepfake technology and exploits through training and security awareness.
    • Incorporate security performance management into your security program to better understand employee behavior that might contribute to the increased risk of a deepfake attack.

    3. Rise of digital surveillance authoritarianism & loss of privacy

    By 2030, governments and law enforcement agencies will collect vast amounts of personal data, including biometrics and digital identity information.

    In turn, attackers will target these data troves to steal identities, break into digital systems, and steal intellectual property.

    Typical methods for perpetrating these attacks include malware, man-in-the-middle attacks, and more.

    To mitigate this threat:

    • Verify identities and prevent unauthorized access to devices and systems with multi-factor authentication and biometrics.
    • As your attack surface expands—to the cloud, across remote networks, and mobile devices—ensure you have visibility into each digital asset, its security status, and areas of disproportionate risk so that you can prioritize remediation of vulnerabilities, such as unpatched software.
    • Enforce mobile application protection to protect against credential theft, cloned apps, IP theft, and more.

    4. Human error and exploited legacy systems within cyber-physical ecosystems

    By 2030, hacks that target insecure IoT and smart devices with access to the corporate network will continue to rise. An adversary can exploit these devices through misconfigured software, a delay in patching, user error, or other vulnerabilities. 

    To mitigate this threat:

    • Discover digital assets on your network with the highest risk exposure, such as unprotected mobile apps or insecure IoT devices.
    • Continuously monitor your digital ecosystem for emerging threats—such as anomalous user behavior—and receive alerts when the security postures of systems or devices change.
    • Monitor third-party software vendors to ensure risk isn’t introduced to your digital environment via third-party apps or software.

    5. Targeted attacks enhanced by smart device data

    The use of smart data in our daily lives (including health data, smart home data, and behavior across digital platforms) will increase significantly in the coming years. It is a rich trove of data for attackers, who can breach unpatched smart devices to gather sensitive data, move around the network, spoof high-profile individuals, and cause untold harm.

    To mitigate this threat:

    6. Lack of analysis and control of space-based infrastructure and objects

    Space travel—whether commercial, private, or government-funded—will transform rapidly by 2030. But there is still a lack of understanding, analysis, and control of space-based infrastructure. This gives threat actors plenty of time to identify and exploit unknown vulnerabilities.

    To mitigate this threat:

    Read more about how NASA is using Bitsight to mitigate supply chain vulnerabilities across its supply chain of more than 3,000 vendors.

    7. Rise of advanced hybrid threats

    Hybrid threats are attacks in which bad actors combine a variety of tactics, in sequence and simultaneously, to gain access to networks, collect and interpret data, and develop new tools to evade detection.

    Because the range of these methods is broad and multidimensional, tackling them individually is ineffective. 

    To mitigate this threat:

    • Use tools that let you see your attack surface the way the bad guys do (on-premises, in the cloud, and across remote networks) so you can quickly assess current risk exposure, prioritize high-risk assets, and take action to reduce risk.
    • Understand dependencies between your organization’s contractors, subcontractors, and even fourth parties. Threat actors often exploit these connections to conduct attacks across the supply chain without being detected.
    • Continuously monitor your digital infrastructure and that of your vendors for greater situational awareness into the hidden risks that hybrid threat actors exploit, including unpatched systems, misconfigured software, user behavior, and more.

    8. Skills shortage

    The cybersecurity talent shortage contributed to most security breaches in 2022, and ENISA doesn’t expect the problem to be solved by 2030. Organizations with unfilled cybersecurity jobs will continue to be targeted by criminals looking for vulnerabilities to exploit.

    To mitigate this threat:

    • Leverage automation to reduce the burden on security teams. For instance, Bitsight can discover risks continuously and automatically, prioritize areas for rapid remediation, and inform decisions about where to allocate limited resources.
    • Lean on expert security resources. Turn to a dedicated Bitsight advisor to augment your existing security resources and accelerate the maturity of your security program—while reducing your workload.

    9. ICT service providers as a single point of failure

    Many industries and smart cities are increasingly reliant on information and communications technology (ICT) service providers to connect to the internet and manage inter-device communications. But the providers present a single point of failure and will grow in significance as likely targets of malicious actors.

    ICT infrastructure could be weaponized during future conflict using hybrid tactics with large-scale impacts on society.

    To mitigate this threat:

    • ICT providers must continuously monitor their entire infrastructure for security gaps and prioritize remediation of high-risk digital assets.
    • Customers must gain transparency into hidden risk in their ICT providers’ networks and infrastructure.

    10. Abuse of AI

    The use of AI algorithms and data to influence decision-making will increase in high-risk sectors by 2030. This will be accomplished through disinformation, fake content, bias exploitation, military robots, and data poisoning.

    To mitigate risk:

    • Follow AI security best practices for secure software development.
    • Use advanced detection techniques to detect manipulation of AI training data.
    • Monitor third-party software providers for security vulnerabilities that can be exploited to breach biometrics and other sensitive data.

    Download ENISA's Report

    We strongly encourage you to download ENISA’s findings and recommendations. Although developed with the EU in mind, the report has relevance and widespread implications for risk managers and cybersecurity leaders worldwide, especially as threats evolve and regulations become more complex.