Cybersecurity is now a contest between attackers and defenders, but for too long, governments have been fighting alone. While attackers frequently target public-sector entities with little resistance, the threat surface has expanded far beyond what governments can realistically secure. The digital infrastructure that governments aim to protect is overwhelmingly built and operated by private companies. This means the focus must shift to closer collaboration between the public and private sectors.
Modern cyberattacks have grown in cadence, scale, and sophistication. They no longer rely on a single vector. According to Palo Alto Networks, 87% of intrusions across more than 750 incident response cases targeted multiple attack surfaces, including endpoints, networks, cloud infrastructure, SaaS, apps, and identity. Intrusions spread laterally across connected systems, making it insufficient to defend just one layer. Attackers can pivot through multiple access points in the same campaign, requiring a coordinated defense that spans the entire digital ecosystem.
Rise in the Scale and Complexity of Cyberthreats
The complexity of cyberattacks has increased dramatically. Attackers now employ advanced techniques such as living-off-the-land, fileless malware, and supply chain compromises. These methods allow them to evade traditional security controls and remain undetected for extended periods. The sheer volume of attacks also continues to rise, with reports indicating a significant increase in ransomware, phishing, and distributed denial-of-service (DDoS) attacks. This environment demands a defense posture that is agile, intelligence-driven, and collaborative.
Growing Attack Surface Underpinned by Everyday Dependencies
Years ago, the attack surface was limited to an organization’s operational perimeter. Today, it includes cloud platforms, APIs, vendors, and managed service providers. These third-party dependencies broaden the attack surface, giving attackers more avenues to exploit. For instance, a compromise of a remote support tool allowed attackers to access multiple U.S. Treasury Department offices, illustrating how third-party access can become the easiest entry point. As organizations become more interconnected, the attack surface will only continue to grow, making it essential for governments to work with the private sector to secure these dependencies.
Technology Ownership Controlled by Private Entities
Historically, major technology shifts were driven by government-funded research, giving rise to the Internet, GPS, and solar energy. However, the private sector now leads technological advancements. Critical digital infrastructure, such as cloud services, communication networks, and data centers, is built and operated by private companies. Governments do not have total control over all operational levers, demanding a change in thinking. To secure the infrastructure on which a country depends, governments must partner with the private sector, sharing threat intelligence and best practices.
Cybercrime Has Gone Industrial and Is Very Persistent
Cybercrime has evolved into a full-fledged industry with specialized services, tooling, and repeatable playbooks. It is decentralized, so arresting one group does not significantly reduce the overall threat. The incentives remain strong: crypto scams and fraud pulled in roughly $17 billion last year, fueled by a sharp rise in impersonation schemes (up 1,400% year over year). In November, a ransomware attack on OnSolve CodeRED forced the emergency-notification platform offline, disrupting alerts used by law enforcement and public agencies. A coordinated response targeting the entire criminal enterprise model, including hosting services, identity abuse, laundering pathways, and scam infrastructure, is the only way forward. Aggressive offensive action, rather than continual whack-a-mole, is needed.
Geopolitics Enters the Fray as Nation-States Use Cybercrime
State-enabled cybercrime has become normalized as an instrument of espionage, influence, and strategic disruption. State-sponsored operators demonstrate greater capabilities and deeper reach, traversing global platforms, third-party infrastructure, and cross-border supply chains. Organizations are already on high alert, with 64% accounting for geopolitically motivated cyberattacks in their risk mitigation strategies. National cyber defense cannot be purely national in execution; it must include alliance coordination and cross-border collaboration with private-sector operators that manage key visibility and control points.
The Accelerating Role of AI as an Attack Enabler and Defender
Artificial intelligence is shrinking attack timelines by a factor of roughly 100. Intrusions that used to unfold over days now play out in minutes. In one in five cases, data is already leaving the environment within the first hour. Organizations are rushing AI systems into production, adding new models, plugins, connectors, and data paths, which widens the attack surface further. Legacy controls were not built for that pace or sprawl. Governments cannot solve this alone. The workable path must involve better public-private coordination, with faster dissemination of threat intelligence, shared secure AI patterns, and aligned governance across sectors.
The road ahead is about building a shared defense paradigm that moves at adversarial speed. Governments can set the standards of accountability, but improved resilience will only come from stronger public-private coordination, faster inter-agency sharing, secure-by-design AI, and joint disruption of criminal infrastructure across borders. The digital world is interdependent, and its defense must be too.
Source: SecurityWeek News