External threats on cyber security for defence in 2024

External threats on cyber security for defence in 2024

By Robert Gordon & Martyn Bull

Cyber is recognised as a key NATO defence domain, along with land, air and sea.

This is because of the devastating impacts that external attacks to defence systems and critical national infrastructure (CNI) can have. Managing external threats, such as state actors or individuals, to cyber security helps to build national resilience, as well as internal digital defences.

However, the cyber threat landscape facing governments and global defence organisations is always changing and hugely complex. In 2023, NATO updated its approach to enhance its cyber deterrence and cyber defence posture in response to “significant malicious cyber activities”. Therefore, to effectively protect sensitive

information and critical systems in 2024, sophisticated mitigation strategies are at the forefront of external threat cyber security.

What does cyber security mean in a defence context?

Cyber-attacks that gain access to systems compromise missions and reduce the ability of a military force to function effectively. Therefore, cyber security in defence is the act of defending computer system networks against hostile actors with these motivations. Malware and phishing attacks which exploit vulnerabilities on unpatched computers are often the cause of data leaks or breaches.

Recently, the MoD and other government agencies have been subject to several data breaches. This has resulted in sensitive data, such as NHS patient data, armed forces’ personal data, and others, being accessed by bad actors.

These kinds of attacks are increasingly prevalent, making cyber security for defence organisations today a landscape characterised by risk.

What are the different types of cyber threats facing defence?

Cyber threats are posed by hostile actors with a range of motivations and capabilities. These groups, or advanced persistent threats (APTs), range from individuals and terrorist groups to nation states. Hostile actors can work in isolation or as part of a wider campaign to supplement physical attacks.

These threats go beyond the types of attacks the public commonly face, such as phishing attacks. The NCSC has noted that the landscape is increasingly unpredictable. There has been a rise in state-aligned groups posing threats and more aggressive cyber activity. In addition, with global conflicts affecting many different countries, state-affiliated actors represent a very real threat.

Another key threat is artificial intelligence (AI). Set against an evolving geopolitical landscape, advances in AI have the potential to enable deepfakes, misinformation and other forms of threats that pose a risk to the nation’s security.

Types of attacks prevalent in 2024

  • Malicious software: aka malware, is any type of intrusive software used to steal data or damage systems and critical devices, such as worms, spyware or viruses.
  • Brute force attacks: using trial and error to find passwords, credentials or encryption keys that lead to important networks.
  • Social engineering attacks: manipulating individuals to grant access to assets or provide sensitive information.
  • Ransomware attacks and ‘ransomware as a service’ models: malware is used to block access to devices or assets, with the intention of extorting targets for money in order to regain access.
  • Digital intrusions: attacks such as spear-fishing is when an attacker sends malicious links, for example via email, to specific targets to try to induce them to share sensitive information

What are the defence-related impacts of cyber-attacks?

The capabilities of attackers and the strategic significance of the networks under threat frame the impacts of cyber-attacks.

Depending on these factors, everything from human lives to the democratic future of nation states can be put at risk. Common impacts include:

  • Disabling key systems and communications links, which can impact the success of missions and safety of military personnel, particularly those in the field.
  • Manipulating industrial control systems, which is often used to cause physical damage.
  • Exfiltrating sensitive data, an act that puts personnel safety at risk and can be used to extort defence organisations, resulting in financial damage.

What are the challenges facing cybersecurity in defence?

Adapting to emerging cyber threats is one of the biggest cyber security challenges facing defence organisations. They must introduce cyber security measures that are adaptable, robust, and multifaceted. Cyber threat prediction and cyber-attack mitigation strategies are the solutions.


Of course, cyber vulnerability assessments remain crucial to identifying, analysing and prioritising threats facing defence networks and computers. However, they should not be used in isolation. That’s because they don’t allow decision makers to prioritise threat mitigations in multi-stage cyber-attacks. By contrast, cyber threat prediction and modelling software allows analysts to be more proactive. Used alongside traditional cyber vulnerability assessments, this fuses threat intelligence feeds to power advanced analytics.

As a result, cyber protection teams can identify viable attack paths and attack vectors to critical systems ahead of time. Next, they can select from recommended mitigations to defend against cyber security risks. Cyber threat prediction and modelling software also provides real-time, actionable information through interactive visualisations. This provides commanders with enhanced cyber situational awareness, helping them reduce their network attack surface. They can also understand technical impacts in the context of the mission to prioritise responses.

Learn more about the important of cyber vulnerability assessments

What is the future of cyber security for defence?

Automation is seen as key to cyber threat detection and mitigation in defence. By harnessing advanced analytics, threats to network security will be identified sooner. This will allow cyber protection teams to act faster and better protect sensitive systems and information.

Visual analytics is also becoming more sophisticated. This helps defence analysts interact with complex intelligence more effectively and action it more quickly. Most important is building cyber resilience through a proactive stance. Tools that enable predictive analysis and advanced threat mitigation are essential to this approach.

Discover more about proactive cyber security

What is Riskaware’s role in mitigating cyber threats to defence?

Riskaware’s cyber security threat prediction and attack modelling suite, CyberAware, has been developed over many years alongside leading government and industry partners.

Building on Riskaware’s extensive research into attack simulation and industrial process resilience, CyberAware helps commanders maintain mission performance. Meanwhile, interactive visual analytics helps cyber protection teams to mitigate ongoing and future attacks.

To learn more about CyberAware, read our in-depth product sheet

Get In Touch

Are you looking for more information about Riskaware, our products or services?

Get in contact with us by filling out the form or call the office on +44 (0) 117 929 1058 and a member of our team would be happy to help.