The Top 10 emerging cybersecurity threats

"If everything is connected, everything can be hacked"
- European Commission President – Ursula von der Leyen

ENISA, the European Union Agency for Cybersecurity has released the top 10 emerging cyber-security threats for 2030. The list is the result of an 8-month collaborate exploration by the ENISA Foresight Expert Group and shows a diversified range of threats.

What are the TOP 10 emerging cybersecurity threats?

• Supply chain compromise of software dependencies
• Advanced disinformation campaigns
• Rise of digital surveillance authoritarianism/loss of privacy
• Human error and exploited legacy systems within cyber-physical ecosystems
• Targeted attacks enhanced by smart device data
• Lack of analysis and control of space-based infrastructure and objects
• Rise of advanced hybrid threats
• Skills shortage
• Cross-border ICT service providers as a single point of failure
• Artificial intelligence abuse

The vast majority of these threats apply to the entire IoT ecosystem. An ecosystem that has been open to the world since the adoption of the internet as a means of connecting “computers” (later expanded to include “electronic devices”) outside of a local area network in the 1980s.

As we know since many years, and was reconfirmed by the European Commission President Ursula von der Leyen in her 2021 State of the Union address: “if everything is connected, everything can be hacked”.

Her hint on the exponentially increasing attacks on Europe’s supply chains and cloud infrastructure was the door opener for a higher level of awareness in Europe to increase our resilience by establishing common European cyber security standards for connected objects and services that are placed in Europe. She ended her address with the appeal for the creation of a European Cyber Resilience Act.

The Union proposed a draft Act in September 2022. It is currently under review and will remain in this state for quite some time undoubtedly subject to heavy lobbying from the hardware and software industry; the Act puts great responsibility on the industry to develop and maintain cyber secure products and infrastructure with inevitably substantial financial investments. Once adopted, manufacturers and Member States will have two years to adapt to the new requirements.

Even though the Resilience Act is still in draft, the ENISA prepared its recommendations for  a Secure Software Development Lifecycle already in 2019 through its publication “Good Practices for Security of IoT” Good Practices for Security of IoT – Secure Software Development Lifecycle — ENISA (europa.eu)

Its guidelines are very useful when developing IoT devices and infrastructure and are still very applicable when attempting to safeguard the ecosystem against the Top 10 emerging cybersecurity threats.