In today's digital landscape, cybersecurity has evolved into a complex contest between attackers and defenders. For too long, governments have attempted to secure their networks independently, while malicious actors have targeted public-sector entities with alarming frequency and sophistication. Despite the establishment of rules and regulations aimed at bolstering cybersecurity defenses, the threat landscape continues to expand, and the reality is stark: the attack surface has outgrown the capabilities of government defenses alone.

The digital infrastructure that governments strive to protect is predominantly constructed and maintained by private companies. Given the inherent limitations of state capabilities, it is imperative that governments shift their focus towards fostering stronger collaborations with the private sector to enhance national cybersecurity efforts.

A closer examination reveals that an effective risk management strategy must involve a cooperative approach between public and private sectors.

Rise in the Scale and Complexity of Cyberthreats

Modern cyberattacks have escalated dramatically in terms of frequency, scale, and sophistication. According to research from Palo Alto Networks, approximately 87% of intrusions analyzed across over 750 incident response cases targeted multiple attack surfaces, including endpoints, networks, cloud infrastructure, software as a service (SaaS), applications, and identity systems. Attackers have become adept at lateral movement across connected systems, making it insufficient to defend a single layer when multiple access points are under threat.

Growing Attack Surface Underpinned by Everyday Dependencies

Historically, the attack surface was often perceived as an encroachment on an organization’s operational perimeter. In contrast, today's threats extend beyond this perimeter, encompassing critical operational components such as cloud platforms, application programming interfaces (APIs), vendors, and managed service providers. These third-party dependencies significantly widen the attack surface, presenting cyber adversaries with numerous opportunities for exploitation. A recent incident involving a compromised remote support tool illustrates this vulnerability, allowing attackers to breach several U.S. Treasury Department offices.

Technology Ownership Controlled by Private Entities

In previous decades, significant technological advancements were often the result of government-funded research initiatives, leading to innovations such as the internet, GPS, and solar power. However, the landscape has shifted, and today, private sector entities largely drive technological progress. The critical digital infrastructure that supports government operations is predominantly developed and managed by private organizations, limiting the government’s control over essential operational mechanisms. This shift necessitates a new mindset, one that embraces partnerships with the private sector to secure the infrastructure vital to national interests.

Cybercrime Has Gone Industrial and Is Very Persistent

Cybercrime has evolved into a well-organized industry, complete with specialization, services, tools, and replicable strategies. This industry operates in a decentralized manner, meaning that dismantling one group does little to disrupt the overall landscape of cyberattacks, as new groups can easily fill the void. The financial incentives driving cybercrime remain robust, with reports indicating that crypto scams and fraud generated approximately $17 billion last year, driven by a staggering 1,400% increase in impersonation schemes year-over-year. For instance, a ransomware attack in November on OnSolve CodeRED incapacitated the emergency notification platform, hampering alerts for law enforcement and public agencies.

Given the inherent resilience of cybercrime, a coordinated response targeting the entire criminal ecosystem—including hosting services, identity theft, money laundering channels, and scam infrastructure—is essential. A proactive offensive strategy is necessary, moving beyond reactive measures that merely address symptoms.

Geopolitics Enters the Fray as Nation-States Use Cybercrime

State-sponsored cybercrime has become a normalized tool for espionage, influence, and strategic disruption. Such state-enabled operators possess advanced capabilities and a broad reach, utilizing global platforms, third-party infrastructure, and cross-border supply chains. In fact, a significant 64% of organizations consider geopolitically motivated cyberattacks in their risk mitigation strategies.

To ensure effective national cyber defense, a solely national approach is insufficient. It necessitates collaboration with allied nations and private sector operators who manage pivotal visibility and control points within the cyber landscape.

The Accelerating Role of AI as an Attack Enabler and Defender

Artificial intelligence (AI) is drastically shortening the timelines for cyberattacks, with intrusions that previously spanned several days now occurring within minutes. Data breaches are increasingly happening within the first hour of an attack. Organizations are rapidly deploying AI systems, integrating new models, plugins, connectors, and data pathways, thereby expanding the attack surface even further. Legacy defenses are ill-equipped to manage this accelerated pace of threats. Consequently, it is clear that governments cannot tackle this challenge alone. A collaborative approach between public and private sectors is essential, enabling faster dissemination of threat intelligence, the establishment of secure AI protocols, and alignment of governance across industries.

Moving forward, the focus must shift towards constructing a collective defense strategy that operates at the speed of adversaries. While governments can set standards for accountability, enhanced resilience will only be achieved through improved public-private collaboration, expedited inter-agency communication, the secure design of AI systems, and coordinated disruption of criminal infrastructures across international borders.

Source: SecurityWeek News