
AI Data Poisoning, Wiper Malware, Critical Infrastructure Attacks Could Increase in 2025, Impacting Government Cyber Resilience

As we begin 2025, government cybersecurity continues to confront increasingly sophisticated and malicious foreign and domestic cyber threats. For instance, the recent third-party data breach of the Treasury Department has amplified concerns regarding the lax cybersecurity of third-party service providers, prompting a need for data backup and recovery.

However, preventing attacks is only one aspect; building cyber-resilient networks and agency infrastructure that allow for quick data recovery is key to maintaining operations and minimizing disruptions. In the new year, I’ve identified several key trends that I believe the government will face in 2025, such as an anticipated rise in sophisticated malware leading to governmental disruptions, and that underscores the specific challenges that governmental agencies are likely to experience. These predictions highlight the need for strategic measures such as enhanced data security protocols to protect the resilience and integrity of government systems and data in the face of evolving cyber threats.

Ransomware and wiper malware will continue to evolve and wreak havoc across government agencies.

I believe the federal government will see an increase in destructive malware, such as ransomware and wiper malware, which will cause significant disruptions in government in 2025. I anticipate that government agencies will start to acknowledge their vulnerability to the same destructive malware threats affecting other sectors and will incorporate cyber recovery testing into agency security exercises to understand their true risk exposure.

Wiper malware will become a likely weapon for attackers. Unlike ransomware, which locks data and demands payment, wipers destroy data irrecoverably, whether by encrypting or altering files or by disabling operating systems, so that access is denied for good.

I also expect an uptick in ransomware attacks, especially against critical infrastructure sectors, such as water treatment facilities and healthcare, which will be prime targets because they are essential services with outdated security measures. Cybercriminals will exploit those vulnerabilities to disrupt public safety and health for significant ransom payments.

It’s getting worse with the expansion of Ransomware-as-a-Service. Ransomware-as-a-Service will add initial access brokering, data exfiltration and negotiation services to its offerings. This will lower the technical barriers to entry, and more cybercriminals will be able to get involved in ransomware, which will lead to more attacks against government agencies.

Cyberattacks against critical infrastructure will rapidly increase, particularly against essential services, such as the water, energy and telecommunications sectors.

I anticipate that cyberattacks against critical infrastructure will surge in 2025, with particular focus on essential sectors like water, energy and telecommunications. These sectors are fundamental to daily living, providing vital services and connectivity. Recent cyber incidents, such as the Volt Typhoon and Salt Typhoon hacks, have raised awareness of the dangers foreign state actors pose against critical U.S. infrastructure.

With emerging threats becoming more sophisticated, adversaries are honing their tactics to exploit regulatory loopholes. Over time, these threats will keep developing and increasing in complexity. As such, cybercriminals will adapt and employ new ways of exploiting existing regulations in 2025. This area will remain a grey space for compliance and regulation where adversaries like to hide and thrive.

I believe these activities will make government and business-critical infrastructures even more vulnerable in 2025, given that the adversaries seek to achieve maximum disruption, steal intellectual property and shift geopolitical balances.

Software supply chain attacks and insider threats will become more frequent and severe.

I believe software supply chain and insider threat attacks will increase in frequency and severity in 2025 for government agencies.

Software supply chain attacks will become increasingly prevalent because they offer cybercriminals a streamlined target. Outdated compliance requirements and resistance to modernization further increase risk, and as more agencies outsource IT operations and decision-making to third-party vendors, vulnerabilities will multiply. This will be fueled by an ever-growing attack surface, compromised infrastructure and source code theft. In particular, source code theft enables cyberattackers to identify vulnerabilities and then weaponize them for nefarious purposes. Furthermore, common breaches from misconfigurations and poor cyber hygiene will exacerbate this issue.

I believe agencies will also see an increase in insider threats due to data misuse and employee errors, and with improvements in artificial intelligence (AI) and high levels of social engineering, more insider threats will be possible and even more devastating.

Data poisoning will remain an existential threat to AI and government digital transformation.

I believe the data poisoning of AI will significantly impact government operations in 2025. AI systems, which agencies rely on to deliver anything from healthcare information to critical infrastructure data to research, are only as reliable as the data that trains them. Data poisoning involves hackers corrupting data used to train AI, thereby undermining AI’s predictive and decision-making capabilities.

To mitigate these threats, government chief data officers need to focus on the validation and protection of the data sources rather than more conventional approaches to application security. Furthermore, agency leaders must understand that AI data poisoning attacks will increase and must be addressed as part of their future cyber mitigation strategies if AI systems are to remain safe and reliable in today’s ever-changing cybersecurity threat landscape.
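One concrete form of the data-source validation described above is an integrity manifest recorded when a training set is approved, so that a poisoned copy (flipped labels, injected or dropped records) is caught before it reaches training. This is an added Python example, not code from the article or from Rubrik; the records, labels and manifest format are constructed for illustration.

```python
import hashlib
import json


def field_hash(value) -> str:
    """SHA-256 of a field's canonical JSON encoding."""
    return hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()


def build_manifest(records):
    """Per-record, per-field hashes taken when the dataset was approved for training.
    Store this manifest separately from (and with tighter access than) the data itself."""
    return {r["id"]: {k: field_hash(v) for k, v in r.items() if k != "id"} for r in records}


def verify_dataset(records, manifest):
    """Compare a dataset copy against the trusted manifest.
    Returns added record ids, missing record ids, and for each modified record the
    list of changed fields (a label-flipping attack shows up as a changed 'label')."""
    current = {r["id"]: r for r in records}
    added = sorted(set(current) - set(manifest))
    missing = sorted(set(manifest) - set(current))
    modified = {}
    for rid in set(current) & set(manifest):
        fields = {k: field_hash(v) for k, v in current[rid].items() if k != "id"}
        changed = sorted(k for k in set(fields) | set(manifest[rid])
                         if fields.get(k) != manifest[rid].get(k))
        if changed:
            modified[rid] = changed
    return {"added": added, "missing": missing, "modified": modified}


# Constructed sample records (not real data): a tiny labelled training set.
APPROVED = [
    {"id": 1, "text": "pump pressure nominal", "label": "normal"},
    {"id": 2, "text": "chlorine level out of range", "label": "alert"},
    {"id": 3, "text": "valve actuator timeout", "label": "alert"},
]
MANIFEST = build_manifest(APPROVED)


def tampered_copy():
    """Constructed poisoned copy: record 2's label flipped, record 4 injected, record 3 dropped."""
    return [
        {"id": 1, "text": "pump pressure nominal", "label": "normal"},
        {"id": 2, "text": "chlorine level out of range", "label": "normal"},
        {"id": 4, "text": "all sensors offline", "label": "normal"},
    ]


if __name__ == "__main__":
    print(verify_dataset(APPROVED, MANIFEST))
    print(verify_dataset(tampered_copy(), MANIFEST))
```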

As such, we can expect data poisoning to be one of the greatest threats to AI’s existence, particularly when it comes to government digital transformation goals and incorporating emerging technologies. AI technology could be heading toward disaster if agencies cannot guarantee the safety and reliability of the frameworks used by AI systems.

Data security posture management will be a critical cyber-resilience strategy to protect government data.

Data security posture management aims to solve one of the most complex issues in government cloud environments: knowing where all agency data is stored, how it is secured and who has access to it.

As the size and complexity of government data increase, the probability of cybercriminals gaining improper access to such data also increases. For improving government cyber resilience and cloud technology, I believe AI and data security posture management are needed. In 2025, these technologies and strategies will be seen in government alongside data loss prevention and cloud-native application protection platforms, because those two technologies alone don’t adequately address an agency’s overall data-related cyber resilience.

Regarding the increased use of generative AI within government, the risk of exposing sensitive data will be a challenge until the data visibility and controls are implemented and integrated with the data pillar of zero-trust architecture implementations.

Hence, there is a need for a broad solution that can help protect sensitive government data effectively against new threats in cyberspace.

Government agencies will increasingly prioritize building cyber-resilient environments designed to ensure that critical data can withstand cyberattacks and recover rapidly.

In 2025, government agencies will increasingly prioritize building cyber-resilient environments designed to ensure that critical data can withstand cyberattacks and recover rapidly. The focus will shift towards enhancing the resilience of data, enabling swift recovery from cyber incidents to a known good state within hours or minutes. This strategic move will be essential to counteract the false sense of security from compliance-focused measures and to safeguard against the rising sophistication of cyber threats, ensuring the protection of critical information and the continuity of operations.


Travis Rosiek currently serves as public sector chief technology officer (CTO) at Rubrik, helping government agencies become more cyber and data resilient. Rosiek is an accomplished cybersecurity executive with more than 20 years in the industry. His experience spans driving innovation as a cybersecurity leader for global organizations and CISOs to corporate executives building products and services. He has built and grown cybersecurity companies and led large cybersecurity programs within the Department of Defense (DoD). As a cyber leader at the DoD, he was awarded the Annual Individual Award for Defending the DoD’s Networks.

Prior to Rubrik, Travis held several leadership roles, including chief technology and strategy officer at BluVector, CTO at Tychon, federal CTO at FireEye, a principal at Intel Security/McAfee, and leader at the Defense Information Systems Agency (DISA). He has served on the National Security Telecommunications Advisory Committee (NSTAC) as an ICIT fellow and on multiple advisory boards.

Photo credits: Kakabe
