Government in the crosshairs: how cyberattacks have changed in the third quarter of 2025

This spike in attacks against the government has a knock-on effect on other sectors, especially telecommunications and digital service providers.

Operators are part of the country's critical infrastructure. An intrusion in their systems not only affects their business: it can have a major impact on the continuity of essential public services such as healthcare, education or administrative management, which increasingly rely on connectivity and online platforms.

Therefore, it is no longer enough to "have everything up to date". It is essential:

• Review and reinforce network segmentation.
• Control in detail who accesses what and from where.
• Improve the supervision of services exposed to the Internet, both our own and those of third parties.

In parallel, the relative drop in ransomware attacks should not be interpreted as a retreat, but as an evolution. Many criminal groups are opting for more silent and scalable techniques, aimed at data theft, persistent access or the sale of credentials, which requires telecommunications companies and other sectors to constantly adapt.

One of the biggest challenges for cybersecurity today is in industrial environments, especially in industrial control systems (ICS/OT). Paradoxically, many of the world's most digitized sectors - energy, transportation, utilities, advanced manufacturing - continue to operate with architectures designed for a disconnected world, but now exposed to the Internet, mobile networks and cloud services.

IT/OT convergence, massive sensorization, the use of private 4G/5G networks and interconnection with real-time analytics platforms multiply the attack surface. Any incident in these environments can have a direct impact on physical security, continuity of supply or even the integrity of critical infrastructures.

Here telecommunications play a central role: the networks connecting plants, substations, control centers and field devices are the "circulatory system" of these ICS, and any compromise in the network can become a country-wide problem.

If organizations do not react quickly and judiciously, it is reasonable to expect:

• More complex and targeted attacks, combining vulnerability exploitation, social engineering and lateral movements within IT and OT networks.
• Increased regulatory pressure, especially with regard to data protection, business continuity and incident reporting, with a growing focus on industrial infrastructures.
• More stringent requirements in the supply chain, where technology and service providers will have to demonstrate increasingly higher levels of security.

For telecommunications operators, this translates into the need to:

• Collaborate closely with IT/OT cybersecurity teams and experts.
• Adopt more proactive approaches (early detection, coordinated response, crisis drills).
• Incorporate advanced monitoring and behavioral analysis technologies that make it possible to anticipate attacks and not only react when they have already occurred.

Everything points to cybersecurity gaining weight on the public and private agenda: more standards, more audits, more collaboration between administrations and companies. But technology alone is not enough.

It will be key:

• Boost staff training and awareness at all levels.
• Integrate security into projects from the design stage, and not as a final add-on.
• Align business strategy with a realistic vision of digital risks.

In short, cybersecurity is no longer the exclusive domain of technical teams. It has become a matter of resilience and social sustainability: it affects how we work, how we relate to the Administration and how we access basic services.