
Top 10 cybersecurity risks and threats in the public sector 2024 


The public sector was one of the most highly targeted sectors in 2023. There was an over 40% increase in cyber-attacks. Over 55000 out of 1.5 million attacks were in the public sector. This is mainly because the public sector is a goldmine of sensitive data such as names, addresses, contact numbers, email addresses, and social security numbers.

Public sector organizations may be targeted by cybercriminals because of a political motive, as a protest, or for a social cause. For example, an attacker may alter websites and orchestrate attacks such as denial-of-service attacks, data breaches, website mirroring, and geobombing.

Since public sector organizations are responsible for providing critical infrastructure facilities, state-sponsored attacks often target public sector organizations to cause massive disruptions in operations. Any disruption in critical infrastructure facilities can cause chaos and, in some cases, cause civil unrest.

The coming year will see a rise in cyber-attacks on the public sector.

What are some of the most alarming cyber-attacks on the public sector? 

The following are some of the most shocking cyber-attacks on the public sector in 2023:  

  • The cyber-attack on the Kenyan government by a group called Anonymous Sudan, which disrupted over 5000 services.
  • The breach of the Indian Council of Medical Research, one of the most massive data breaches of this year, with over 815 million records breached.
  • Government networks such as those of NATO, the US, and Europe faced cyber-attacks in 2023.

Why are public sector organizations the most targeted compared to any other sector? 

Some key factors make public sector organizations one of the primary targets of cyber criminals: 

Public sector organizations have a pool of information assets with entrusted citizen data.

These comprise personal information such as names, addresses, social security numbers, login credentials, and phone numbers. Cybercriminals exploit this stolen information to run tailored phishing campaigns or sell it on dark web markets.

An understaffed team and a limited budget for security 

Public sector organizations often struggle with an understaffed cybersecurity team, which makes it hard to identify and implement the industry best practices that defend against modern-day threats. Additionally, they lack the budget needed for cybersecurity.

Geopolitics

One of the primary reasons why public sector organizations become a target is geopolitical instability. It often results in countries targeting critical infrastructure organizations, which may be public sector-based (for most countries), for reconnaissance or to disrupt operations.

Technology used in the public sector is highly outdated 

Public sector organizations often run infrastructure that is highly outdated. Many of the systems are legacy systems with long-unpatched vulnerabilities that are documented and easily accessible to cyber attackers. Since many of these systems are interconnected, it is easier for attackers to take over the infrastructure and bypass its security.

The top 10 cybersecurity risks in the public sector 2024

Let us discover some of the most dangerous cybersecurity risks to the public sector in 2024: 

1. APT and State-sponsored attacks aimed at critical infrastructure  

Geopolitical instability has caused nations to take war to the digital front, causing a rise in state-sponsored attacks. State-sponsored attackers are often among the most sophisticated. They spend more time studying their target, deploy advanced techniques to infiltrate and remain in the network undetected, and orchestrate advanced persistent attacks.

Once they infiltrate a network, they collect information through reconnaissance. They gather information about the existing cybersecurity setup and all the security measures in place. After gathering this information, they maintain persistence by staying undetected in the system, relaying back information, and creating more exit points in the defense.

These attackers usually target critical infrastructure organizations that provide essential services such as energy, food and agriculture, information technology, and water and wastewater systems. 2024 is going to witness a significant rise in such state-sponsored attacks. APT attacks against public sector organizations increased by 40% in the second quarter of 2023.

2. Ransomware attacks

2024 will witness a rise in ransomware attacks that leverage social engineering to inject malware into the system and orchestrate complex attacks that encrypt existing information assets until a ransom is paid. Public organizations are under increased threat of ransomware attacks because they hold information assets such as names, addresses, email addresses, contact numbers, and credentials. There was a rise in ransomware attacks on the public sector from 58% in 2022 to 69% in 2023.

3. Phishing attacks

There is an increasing cybersecurity skills gap in the world, with around 4 million vacant positions in cybersecurity. The public sector is no stranger to this. There is a persistent problem of understaffing and lack of cybersecurity awareness in the public sector, making it challenging to identify and implement security best practices against the most modern threats.

Cybercriminals will take advantage of this fact to orchestrate advanced social engineering-based attacks that bait their victims with information that seems more believable and genuine. It should come as no surprise that there was a 173% rise in phishing attacks in 2023. 2024 will see a rise in phishing attacks, with cybercriminals running more believable campaigns.

4. State elections and political events

Cybercriminals will go as far as disrupting events of huge significance, like elections. These threat actors can target voting equipment software, exploiting its vulnerabilities at large and altering the data stored. Many cybersecurity experts have warned about a plausible attack on polling machines, especially with remote voting mechanisms that polling related data. In 2024, experts will need to proactively assess the machines used for voting, identify security vulnerabilities in them, and take measures to fill gaps in their security. They must keep the software patched regularly.

5. DDoS attacks  

Cybercriminals will use Distributed Denial of Service (DDoS) attacks to cause massive disruption in operations. Since most of the systems deployed in the infrastructure are interconnected, the compromise of one system can cascade to the compromise of others. There was a 177% increase in DDoS attacks on government entities compared to last year. The rapid adoption of wireless technology and cloud environments in government organizations has made them more exposed to cybercriminals who are equipped with advanced tools to bypass simpler security mechanisms. Securing operations through round-the-clock security and support, and incident response with proactive setup of backup and recovery, will have to be a top priority for organizations in 2024.

6. Hacktivism attacks  

Hacktivism will be on the rise in 2024, driven by groups that target the ruling government for a cause such as environmental degradation. There will be a rise in hacktivist groups that target specific governments based on the political agenda they support or the negative impact they are causing on society or the environment. Common techniques and tactics used by these attackers include denial-of-service attacks to disrupt existing websites and services, website defacement that replaces the content with their message, and social media campaigns to spread their message across the internet. Many experts believe that despite the reduction in hacktivism activities worldwide, it will quickly rise again due to the increasing geographical and environmental chaos.

7. Generative AI based attacks 

As public sector organizations approach 2024 with an increased proliferation of artificial intelligence and machine learning, cyber attackers have already begun integrating advanced AI-based malicious tools to orchestrate cyberattacks.

For example, an AI-based chatbot tool, “Fraud GPT”, has gained considerable popularity among cybercriminals with its ability to provide AI-based assistance in crafting malicious tools and full-fledged phishing campaigns. Attackers also steal, reverse engineer, and manipulate machine learning models to produce covert, undetectable malware that may steal the most sensitive data of public organizations. They may poison the data fed to a machine-learning model, causing it to malfunction.

Public sector organizations will move past their previous approach, prioritize cybersecurity, and implement measures for automated AI/ML-based threat detection and response.

8. Insider threats 

Since employees have a good deal of access permissions and some idea of the cybersecurity setup of their organizations, insiders become some of the most unforeseen sources of attacks. As an insider, an attacker already has a great deal of access to sensitive information that they can exploit, such as personal information, company-specific information, and access credentials. The threat from insiders is so dangerous that over 74% of the organizations that were surveyed reported that they were at increased risk of insider threats.

Due to the increased adoption of the cloud by organizations, it has become even more challenging to detect insider threats. There is also an increased risk of human error, since most organizations do not prioritize programs that raise awareness of cybersecurity best practices. A cybercriminal may exploit a security vulnerability created by human error that stems from a lack of awareness. 2024 will mean increased insider threats in the public sector, with threat actors using their permissions and access to relay some of the most critical information about the company.

9. Increased cybersecurity skills gap 

There is a global cybersecurity talent shortage as public organizations foray into digital realms to meet new levels of operational efficiency and to better cater to the welfare of citizens. As the shortage continues to grow, the cost of hiring will increase over time, making it more challenging for public sector organizations to hire and retain cybersecurity talent.

This is because private organizations have more budget for cybersecurity and are therefore better able to hire cybersecurity talent than the public sector. Therefore, 2024 will mean a widening cybersecurity skills gap, and organizations will need to prioritize their cybersecurity and increase the cybersecurity budget to retain talent. They will also need to raise awareness within the organization of security best practices to mitigate the risks that arise from the security gaps.

10. Supply chain attacks 

Public sector organizations rely on external contractors to render some services. When these contractors use software that has a security vulnerability, it can put the entire organization at cybersecurity risk. In 2024, cybercriminals will deploy increasingly sophisticated techniques.

They will target the weakest points, which may include the software deployed by the external contractors that public sector organizations rely on for services. Hence, these organizations need to consider reviewing their agreements to provide for periodic security assessments. They must include a security review of all of the software used by contractors and assess the security best practices those contractors have implemented.
