Joseph Rooke, Director Risk Insights (Insikt Group) at Recorded Future
High-profile cyber-attacks have shaken the private sector in recent months, with their devastating consequences dominating headlines. But while commercial businesses have been in the spotlight, organisations across the public sector are now asking a critical question: could we be next?

Unfortunately, and perhaps inevitably, the answer is likely yes.
The UK Government has acknowledged that schools and hospitals are “very likely” to be targeted by cybercriminals. It has also warned that major public bodies, such as the Department for Science, Innovation and Technology, are not adequately prepared for a cyberattack that could contribute to a national crisis.
Cyber threats are not a new challenge. The public sector has long been vulnerable, and the risks are growing. The potential consequences are severe, ranging from the erosion of public trust and regulatory penalties to political fallout and national security concerns.
So, what threats is the sector up against, and what can public sector organisations do to protect themselves?
Why is the public sector being targeted?
Public sector institutions such as schools and hospitals are becoming increasingly attractive targets for cybercriminals. These organisations manage vast amounts of sensitive data – including personal information, intellectual property, and critical research – while also delivering essential services that the public depends on daily.
This combination makes them uniquely vulnerable. Any disruption to education or healthcare systems creates immediate public pressure, a fact that attackers are quick to exploit to extort payments or gain publicity.
Yet despite the high stakes, many of these institutions continue to rely on outdated infrastructure and legacy IT systems. Cybersecurity budgets are often limited, and dedicated security teams are scarce or non-existent. These vulnerabilities, when taken together, make public sector organisations low-hanging fruit for increasingly sophisticated cyber threats.
Ransomware, DDoS, and supply chain attacks: today’s top threats
As technology continues to evolve, so too do the tactics employed by cybercriminals. Public sector organisations are increasingly in the crosshairs of sophisticated cyber threats, and risks are not only escalating in volume but in their potential impact on public safety, trust, and national security.
- Ransomware: a tangible and costly threat
The National Crime Agency (NCA) and National Cyber Security Centre (NCSC) deem ransomware the greatest of all serious and organised cyber crime threats and a risk to the UK’s national security. By infiltrating systems through malware, cybercriminals gain unauthorized access, often encrypting or exfiltrating sensitive data. They then demand ransom payments in exchange for restoring access or withholding the publication of the stolen information – sometimes threatening to leak it on the dark web or release it publicly.
The real-world consequences of such attacks are becoming alarmingly clear. A recent example is the ransomware attack on Synnovis, a pathology service provider used by the NHS. The breach led to delayed blood test results, postponed surgeries, and serious disruption to patient care. This underscores the reality that ransomware attacks on the public sector can have life-or-death implications.
- DDoS attacks: crippling public access
Distributed Denial of Service (DDoS) attacks, which involve flooding an organization’s servers with traffic from multiple sources, continue to be a favoured method for causing widespread disruption. The goal: to crash systems, deny access, and generate chaos – especially during critical periods.
In the 2022 U.S. elections, political websites experienced a staggering 400% increase in weekly DDoS attacks. One notable incident saw Mississippi’s election website temporarily taken offline, an attack claimed by a pro-Russian hacking group. These disruptions erode public confidence and highlight the geopolitical motivations behind many cyber threats targeting the public sector.
- Supply chain vulnerabilities: an expanding attack surface
As public sector organizations increasingly rely on complex, interconnected supply chains, they also inherit the cyber risks that come with them. Emerging technologies such as IoT, AI, and cloud-based platforms are transforming operations – but they’re also creating new entry points for threat actors.
These extended networks mean that a single weak link, often a third-party vendor, can expose an entire system. The larger and more fragmented the supply chain, the broader the attack surface, making public sector bodies more vulnerable to attacks that could disrupt critical operations, delay services, or compromise sensitive data.
Organised cyber gangs and State-backed hackers: know your enemy
The most prevalent cyber threats today come from organised criminal groups. These hacker collectives operate like professional businesses, with defined hierarchies, specialised roles, and clear objectives. Their motivations are typically financial gain or notoriety, often achieved by stealing valuable data or disrupting operations to pressure organisations into compliance.
However, an even more insidious threat comes from state-sponsored actors. These attackers are either directly employed by nation-states or indirectly supported through funding and infrastructure. Unlike financially motivated groups, state-backed hackers pursue strategic national objectives – such as cyber espionage, surveillance, or critical infrastructure disruption.
- State-sponsored attacks in action
This threat is far from hypothetical. In 2024, a Chinese state-sponsored group known as Salt Typhoon infiltrated major global telecommunications providers, gaining access to the communications of senior U.S. government officials in Washington.
A recent example includes North Korean threat actors applying for remote jobs in foreign companies, using AI tools to mask their identities and infiltrate critical infrastructure. This evolving tactic, known as an ‘insider threat,’ presents a growing risk to organisations across both public and private sectors.
As geopolitical tensions continue to rise, these types of attacks are expected to become more frequent. Cyber warfare offers governments a low-cost, low-risk alternative to conventional conflict – a way to weaken adversaries, gather intelligence, or destabilise critical systems without firing a single shot.
How can public sector organisations protect themselves?
Government intervention plays a crucial role in combating cyber threats. In 2024, for example, an international task force led by the UK’s NCA and the US FBI – Operation Cronos – successfully dismantled LockBit, one of the world’s most damaging cyber gangs.
The Government is actively addressing the increasing cyber threats faced by organisations, including those posed by hostile states and criminal groups. The Cyber Security and Resilience Bill – currently progressing through Parliament – places a strong emphasis on combating ransomware. In parallel, the Government has recently concluded its consultation on further ransomware-specific proposals.
But government action alone isn’t enough. Public sector organisations must take proactive, holistic steps to improve their own cybersecurity.
- People as the first line of defence
Strong cyber defence starts with people. Awareness and training should go beyond generic modules and focus on real-world threats. While phishing remains a common tactic, attackers are now using deepfakes and AI-generated content to impersonate trusted individuals and manipulate employees. Training must evolve to help staff recognise and report these more advanced threats.
- Keeping systems secure
On the technical side, routine patching and timely system updates are essential to eliminate known vulnerabilities. Network segmentation, especially for systems handling sensitive data, can limit the spread and impact of breaches.
- Share insights and intelligence
Equally important is access to actionable threat intelligence. Threat intelligence can enable organisations to better understand threats and repel them before they materialise into breaches. Additionally, sharing such intelligence across public sector organisations helps detect patterns, anticipate attacks, and coordinate responses. When agencies operate in isolation, attackers gain the upper hand. But with collaboration and shared situational awareness, the entire sector becomes stronger and more resilient.
Time to act
The public sector faces an escalating and complex cyber threat landscape that demands urgent attention. With attackers growing more sophisticated and motivated, there is no room for complacency. By investing in people, modernising systems, and fostering greater collaboration across agencies, public sector organisations can build stronger defences and reduce their vulnerability. Ultimately, safeguarding critical public services and national security requires a unified, proactive approach that evolves alongside emerging threats. The time to act is now, before the next devastating attack hits.






