Government tops cyber-attack targets

by AKANI CHAUKE
JOHANNESBURG – A NEW global cybersecurity report has revealed a significant shift in the threat landscape, with government and industrial sectors emerging as the primary targets for sophisticated cyberattacks in 2025.

The findings highlight a growing trend of highly targeted, persistent operations driven by strategic intent rather than opportunistic intrusion.

The report, *Anatomy of a Cyber World* by Kaspersky Security Services, draws on extensive data from managed detection, incident response and security consulting operations worldwide.

It identifies government institutions as the most targeted sector for the second consecutive year, accounting for 19% of high-severity incidents.

Industrial organisations follow at 17%, while the IT sector has risen to third place with 15%, overtaking finance.

Government systems are increasingly under pressure from Advanced Persistent Threats (APTs), which account for a third of incidents in the sector.

These attacks are typically long-term, well-resourced and designed to infiltrate critical systems undetected. Alongside this, nearly one in five incidents involves social engineering, demonstrating that human vulnerability remains a key entry point despite advances in defensive technology.

In industrial environments, the threat profile is more evenly distributed. APT activity, malware and social engineering all contribute significantly to incidents, reflecting the diverse motivations of attackers targeting critical infrastructure.

Notably, the sector has seen a rise in red teaming exercises, indicating a growing emphasis on proactive defence and system resilience.

The IT sector presents a particularly high-risk environment due to its central role in global digital ecosystems.

With 41% of incidents attributed to human-driven APT attacks, threat actors are increasingly exploiting trusted networks and supply chains to maximise impact.

However, the relatively low adoption of proactive testing measures suggests a gap between risk exposure and defensive preparedness.

Interestingly, the finance sector has dropped out of the top three most targeted industries.

This shift is partly attributed to stronger regulatory frameworks and sustained investment in cybersecurity practices, including extensive use of red teaming and continuous risk assessment.

Experts warn that the evolving threat landscape demands a fundamental shift in cybersecurity strategy.

Rather than relying solely on prevention, organisations must adopt a mindset of continuous detection and response.

This includes real-time monitoring, threat hunting and rapid containment to minimise the impact of breaches.

As cyber threats grow in scale and sophistication, the report underscores the importance of integrating advanced technologies with human expertise.

In an era where no sector is immune, resilience, adaptability and vigilance are becoming the defining pillars of effective cybersecurity.

– CAJ News