Cybersecurity is no longer an IT issue

Cybersecurity threats are rapidly evolving due to advancements in technology, the growing sophistication of cybercriminals, and the increased reliance on digital infrastructure for government and city services.

Social engineering and phishing attacks saw a 202 percent increase in the second half of 2024, said SlashNext’s 2024 Phishing Intelligence Report, and in the same period, there was a significant 703 percent increase in credential phishing attacks. Phishing will remain among key cybersecurity threats cities should watch in 2025, potentially leading to unauthorised access to government systems, financial losses, or the theft of relevant data.

Experts predict cyberattacks will increasingly target vital infrastructure, such as electricity grids, water systems, or transportation networks, as well as municipal services. These attacks are generally aimed at widespread disruptions, undermining residents’ safety and quality of life, and jeopardising trust in city authorities.

“Security is no longer an IT issue, it’s a city management issue,” says Dario Campovecchi, Chief Information Security Officer at Paradox Engineering – MinebeaMitsumi Group. “Cities used to build walls for protection, now they need to fortify their digital infrastructure and approach cybersecurity with the same seriousness as they would manage any physical threat to their communities”.

Looking at 2025, AI-driven cyberattacks are expected to become more frequent and severe. Attackers will increasingly use Artificial Intelligence and machine learning tools to automate and optimise their actions, making them faster and more effective. Additional threats cities should watch undoubtedly include supply chain attacks. Malicious activities targeting third-party vendors and service providers are becoming more common, as attackers often find vulnerabilities in software, hardware, or service providers that municipalities depend on.

Experts also point out the growing risk of insider attacks: whether intentional or unintentional, employees are often the weakest link of the cybersecurity chain. Remote work environments expand the attack surface, while the augmented workload can make people less careful or sensitive in detecting possible threats and reacting accordingly.

In such a worrisome scenario, how should cities prepare and better protect their infrastructure, data, and residents?

Beware technology, people, and process

Implementing technologies that incorporate security by design principles is the starting point. “Security by design ensures that systems follow standards and guidelines that reduce vulnerabilities and risks, increase their resilience and reliability, and enable proactive threat mitigation,” explains Campovecchi.

But cybersecurity is not only about technology. Considering 90 percent of security breaches come out of human inadvertent errors, it’s worth noting that comprehensive cybersecurity education is needed. City employees represent the frontline defenders against cyberthreats, so they must be equipped with actionable knowledge and skills to recognise and respond to potential risks. Cyber awareness programmess, in-depth trainings, and regular testing are useful to educate people, share best practices and how to behave in case of anomalous events.

Finally, cybersecurity must be managed as a cyclic process. “What’s secure today may not be secure tomorrow, thus solid procedures and organisational structures should be established. Creating an internal Security Operations Centre or trusting an external one is a good solution to identify weaknesses, manage risks, and prepare the city to swiftly respond to cyber incidents”, adds Campovecchi.

As urban infrastructures become prime targets for cyberattacks, the importance of strong cybersecurity measures and strategies only grows. While acknowledging there is no magic switch, cities require a multifaceted approach to be 100 percent aware of risks and better prepared to manage vulnerabilities and threats, focusing on technology, people, and processes.

About Paradox Engineering

Established in 2005 and headquartered in Switzerland, Paradox Engineering is the Internet of Things (IoT) Excellence Centre of MinebeaMitsumi Group. The company pioneers technologies to implement highly scalable IoT network solutions, from edge devices to management platforms, to control critical public services such as streetlighting, parking management, municipal waste collection, and environmental monitoring. Thanks to intelligent technology solutions, Paradox Engineering strives to unleash opportunities for people and communities, helping the transition towards more liveable, sustainable, and smarter cities.

For further information, please visit Paradox Engineering’s website