Cybersecurity is a contest between attackers and defenders, and for too long governments have been defending their turf alone. Attacks frequently target public-sector entities with little resistance, creating national ramifications. Despite rules and regulations meant to establish baseline controls, attacks continue to define a growing threat landscape. The harsh reality is that the threat surface has expanded wildly beyond what governments can realistically defend alone.

The Scale and Complexity of Cyberthreats

Modern cyberattacks have escalated in cadence, scale, and sophistication. They no longer depend on a single vector. According to Palo Alto Networks, 87% of intrusions across more than 750 incident response cases targeted multiple attack surfaces—from endpoints and networks to cloud infrastructure, SaaS, apps, and identity. Intrusions spread laterally across connected systems, meaning defending one layer is insufficient when attackers can pivot through multiple access points in the same campaign.

Growing Attack Surface Through Everyday Dependencies

Years ago, the attack surface was limited to an organization’s operational perimeter. Today, it includes cloud platforms, APIs, vendors, and managed service providers. These third-party dependencies broaden the attack surface, giving cyber attackers more avenues to exploit. A compromise of a remote support tool enabled attackers to access multiple U.S. Treasury Department offices, illustrating how third-party access can become the easiest entry point.

Technology Ownership Controlled by Private Entities

In the past, major technology shifts often resulted from government-funded research—the origins of the Internet, GPS, and solar energy are prime examples. Today, the private sector drives technological advancements. Critical digital infrastructure is overwhelmingly built and operated by private entities, and governments do not have total control over all its operational levers. This requires a change in thinking, demanding partnerships with the private sector to secure the infrastructure on which a country depends.

Cybercrime Has Gone Industrial

Cybercrime is now an industry with different specializations, services, tooling, and repeatable playbooks. It is decentralized, meaning arresting one group does not dent the overall scale or scope of attacks; there is always another group to fill the gap. The underlying incentives remain strong. Crypto scams and fraud pulled in roughly $17 billion last year, fueled by a sharp rise in impersonation schemes (up 1,400 percent year-over-year). In November, a ransomware attack on OnSolve CodeRED forced the emergency-notification platform offline, disrupting alerts used by law enforcement and public agencies. Considering cybercrime's persistence, a coordinated response targeting the entire criminal enterprise model—including its hosting services, identity abuse, laundering pathways, and scam infrastructure—is the only way forward.

Geopolitics and Nation-State Cybercrime

State-enabled cybercrime has become routine and normalized as an instrument of espionage, influence, and strategic disruption. State-sponsored operators demonstrate greater capabilities and deeper reach, traversing global platforms, third-party infrastructure, and cross-border supply chains. Organizations are on high alert, with 64% accounting for geopolitically motivated cyberattacks in their risk mitigation strategies. National cyber defense cannot be purely national in execution; it must include alliance coordination and cross-border collaboration with private-sector operators that manage key visibility and control points.

AI as an Attack Enabler and Defender

AI is shrinking attack timelines by roughly 100 times. Intrusions that used to unfold over days now play out in minutes. In one in five cases, data is already leaving the environment within the first hour. Organizations are rushing AI systems into production, adding new models, plugins, connectors, and data paths, which widens the attack surface further. Legacy controls were not built for that pace or sprawl. Governments cannot solve this alone. The workable path must involve better public-private coordination, where threat intelligence disseminates faster, secure AI patterns are built and shared, and governance is aligned across sectors.

The road ahead is about building a shared defense paradigm that moves at adversarial speed. Governments can still set standards of accountability, but improved resilience will only come from stronger public-private coordination, faster inter-agency sharing, secure-by-design AI, and joint disruption of criminal infrastructure across borders. The digital infrastructure that governments aim to secure is a product of private companies. There are limits to what the state can secure on its own, which means the focus must shift to closer collaboration with the private sector. Cybersecurity defenders must adapt to the reality that the private sector holds the keys to many of the tools and platforms under attack, and only through partnership can they hope to stay ahead of increasingly sophisticated adversaries.

Source: SecurityWeek News