As your organization ramps up its defenses, the cybersecurity landscape keeps evolving with new threats. In March 2023, ENISA published a critical list detailing the top 10 cybersecurity threats expected to grow by 2030. The forecast comes from an eight-month foresight exercise, and it shows that these threats are still relevant and are changing. Recognizing this shift, ENISA urges the cybersecurity community to enhance resilience. Consider these insights and plan your next steps, starting with the basics of securing your operations.
The Top 10 New Emerging Cybersecurity Threats
ENISA has ranked some alarming threats. I will list them below, along with suggested actions that will help ensure your organization's cyber resilience.
- Supply chain compromise
- Advanced disinformation campaigns
- Rise of digital surveillance and authoritarianism/loss of privacy
- Human error and exploited legacy systems within cyber-physical ecosystems
- Smart device data enhances targeted attacks
- Lack of analysis and control of space-based infrastructure and objects
- Rise of advanced hybrid threats
- Skills shortage
- ICT service providers are a single point of failure
- Abuse of AI
Supply Chain Compromise
Vulnerabilities in the software supply chain are escalating and threaten greater dangers. As companies push for faster software releases, developers are more likely to reuse code and use open-source libraries. That code often still needs proper security checks, which opens doors for hackers to attack. To protect against these threats, you need clear insight into your supply chain. Traditional security checks are required, and continuous monitoring throughout the vendor relationship is essential.
Advanced Disinformation Campaigns
By 2030, countries and rogue groups will use advanced AI to improve disinformation campaigns with deepfake technology. In these attacks, they mimic individuals such as politicians or CEOs and spread fake messages and videos to influence public opinion. These schemes may involve fraud and identity theft, along with other illegal activities used to spread false information.
To mitigate this threat:
- Develop a plan to expand end-user awareness of deepfake technology. The plan should cover training and security.
- Add security performance management to your security program. It will help you understand employee behavior that might add to the risk of a deepfake attack.
Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems
By 2030, hacks that target insecure IoT and smart devices with access to the corporate network will rise. An adversary can exploit these devices through misconfigured software, a delay in patching, or user error.
To mitigate this threat:
- Find digital assets on your network with the most risk. These include unprotected mobile apps and insecure IoT devices.
- Watch your digital ecosystem for new threats, like unusual user behavior. Get alerts when security changes on your systems or devices.
- Track third-party software vendors to ensure they don't add risk to your digital environment via their apps or software.
Targeted Attacks Enhanced by Smart Device Data
Smart data is used in our daily lives. This includes health data, smart home data, and behavior on digital platforms. Its use will increase in the coming years. Yet, this data is a minefield for hackers. They can breach unpatched smart devices to get data. Then, they move around the network, pretending to be important people and causing harm.
To mitigate this threat:
- Maintain a regular patching cadence for smart devices. How you fix software flaws affects the chance of a cyber event. Use BitSight to find unpatched systems in your digital environment. It does this continuously, including on smart devices.
- Educate users on social engineering techniques.
- Check network traffic for security threats from connected mobile applications and shadow IT.
Rise of Advanced Hybrid Threats
Hybrid threats are attacks in which bad actors deploy various tactics, combining sequential and concurrent approaches, to infiltrate networks. They collect and interpret data and develop new tools to evade detection.
The range of these methods is broad and multidimensional. Tackling them one by one is ineffective.
To mitigate this threat:
- Use tools to see your attack surface like the bad guys do. You can use them on-premises, in the cloud, and across remote networks. They help assess your current risk, focus on high-risk assets, and reduce risk.
- Understand dependencies between your organization’s contractors, subcontractors, and even fourth parties. Bad actors often exploit these connections. They use them to attack the supply chain without detection.
- Keep a close watch on your digital systems and any third-party vendors. This will help you spot hidden dangers. These include old software, setup errors, and odd user activities. Hackers might use them to break in.
Download ENISA’s Report
We urge you to get ENISA’s research results and suggested improvements. The report was developed with the EU in mind but is relevant worldwide. It has big implications for risk managers and cybersecurity leaders. This is especially true as threats change and rules get more complex.