In the early 2020s, we noticed the world of cyber threats changing, but these threats often appeared as isolated issues rather than connected ones. As we move into the latter part of this decade, we’re on the brink of seeing these threads converge. Over the last five years, we’ve had to acknowledge that supply chain vulnerabilities are among our biggest threats. Geopolitical tensions have spilled over into cyberspace, tech companies are still failing to put out secure products, governments aren’t treating digital landscapes as critical national infrastructure, and artificial intelligence is starting to play a role in cyberattacks.
As we approach 2030, these separate threats remain unaddressed. They won’t just persist; they will intertwine, leading to major disruptions. We’ve increasingly seen tech companies prioritizing speed over security. The FBI and CISA have urged these providers to adopt a secure-by-design approach, but that casual attitude has already caused numerous breaches. Companies are now pouring money into programs to manage external attack surfaces and identify vulnerabilities.
For many clients I talk to, the bulk of their breaches trace back to their supply chains. Initially, only highly skilled nation-state actors exploited this vulnerability, but as cybercriminals have become more sophisticated, they’ve adopted similar tactics. Hacktivists, too, have jumped on this bandwagon, using these strategies to further their social and political agendas.
As we shift from traditional media to newer, often chaotic social platforms, we see a wider range of targets coming under fire. Companies will need to broaden their monitoring efforts to keep tabs on negative comments and sentiments across these platforms. We’ve already witnessed attacks on centralized functions that were outsourced, often triggered by disinformation campaigns.
The root of these successful attacks lies in the fact that most governments and regulators still don’t grasp the full scope of these critical digital suppliers. Even when they do, they struggle to create effective regulations to shield these entities and the society that depends on them.
Let’s talk about AI. This isn’t the sci-fi version, but rather Narrow AI, which we’re starting to utilize now, and will likely have in more advanced forms by the end of the decade. While AI can significantly enhance cyber defense efforts, nefarious actors will harness it too. We’re already observing AI being used for more convincing social engineering tactics, such as sophisticated phishing emails and deepfake videos. A major concern is how AI can speed up the identification of vulnerabilities and automate the creation of exploit code, reducing the time it takes for attacks to happen to mere minutes.
As we look toward the end of the decade, what’s likely to unfold? It’s a convergence of these threats. Software will still be riddled with vulnerabilities, more players will gain capabilities through AI, supply chain compromises will become routine, and critical digital infrastructure will remain unprotected. This creates a perfect storm for single-point-of-failure attacks against the supply chain to take down essential services. With nations in emerging economies acquiring offensive capabilities, the already fractured geopolitical landscape becomes even more concerning. The digital realm is set to become a much riskier space for businesses, and we might even see some countries facing extended outages.