Cybersecurity threats cities should watch in 2025

Last week, the internet sites of several cities in France including Marseille, Nice and Bordeaux were inaccessible after the attack of a group of pro-Russia hackers. The same happened in Italy, where Linate and Malpensa airports in Milan were targeted, together with the site of the Ministry of Foreign Affairs.

Cybersecurity threats are rapidly evolving due to advancements in technology, the growing sophistication of cybercriminals, and the increased reliance on digital infrastructure for government and city services.

Social engineering and phishing attacks saw a 202% increase in the second half of 2024,  says SlashNext’s 2024 Phishing Intelligence Report, and in the same period, there was a significant 703% increase in credential phishing attacks. Phishing will remain among key cybersecurity threats cities should watch in 2025, potentially leading to unauthorized access to government systems, financial losses, or the theft of relevant data.

Experts predict cyberattacks will increasingly target vital infrastructure, such as electricity grids, water systems, or transportation networks, as well as municipal services. These attacks are generally aimed at widespread disruptions, undermining residents’ safety and quality of life, and jeopardizing trust in city authorities.

Artificial Intelligence (AI)-driven cyberattacks are expected to become more frequent and severe. Attackers will use AI and machine learning tools to automate and optimize their actions, making them faster and more effective. On the other hand, cities are nowadays injecting AI and machine learning tools into cybersecurity defenses to implement security measures specifically designed to combat AI-driven attacks.

Cybersecurity threats cities should watch in 2025 undoubtedly include supply chain attacks. Malicious activities targeting third-party vendors and service providers are becoming more common, as attackers often find vulnerabilities in software, hardware, or service providers that municipalities depend on. But analysts also point out the growing risk of insider attacks: whether intentional or unintentional, employees are often the weakest link of the cybersecurity chain. Remote work environments expand the attack surface, while the augmented workload can make people less careful or sensitive in detecting possible threats and reacting accordingly.

How should cities prepare for these potential threats, and better protect their infrastructure, data, and residents? Read more or download our white paper to learn about Paradox Engineering’s approach to cybersecurity and how we support cities in effectively monitoring and responding to cyber threats and incidents.

 

Photo source: Adobe stock

Latest Articles