Cyberattacks in government organizations

A systematic literature review of attack types and mitigation strategies

Authors

  • Dimaz Cahya Ardhi, College of Emergency Preparedness, Homeland Security and Cybersecurity, University at Albany, State University of New York, United States of America. ORCID: https://orcid.org/0009-0006-9306-0820
  • Dwi Puspita Sari, College of Emergency Preparedness, Homeland Security and Cybersecurity, University at Albany, State University of New York, United States of America. ORCID: https://orcid.org/0009-0002-7451-439X
  • Benjamin Yankson, College of Emergency Preparedness, Homeland Security and Cybersecurity, University at Albany, State University of New York, United States of America. ORCID: https://orcid.org/0000-0003-3306-3748

DOI:

https://doi.org/10.59490/dgo.2025.1021

Keywords:

Cyberattack, cybersecurity, public sector, government organization

Abstract

In the digital government era, the government must protect citizens’ data from cyberattacks to gain public trust. This study aims to identify the types of cyberattack incidents in government organizations and the strategies implemented to prevent cyberattacks. We apply the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) approach to answer our research questions, performing a detailed analysis of 50 peer-reviewed articles published in conference proceedings and journals from January 2020 to December 2024. The articles were retrieved from five databases: ACM Digital Library, Engineering Village, IEEE Xplore, the University at Albany Library, and Web of Science. The results revealed six types of cyberattacks in government organizations: malware, denial-of-service attacks, phishing attacks, false data injection, supply chain attacks, and advanced persistent threats. Furthermore, our review showed that four strategies have been implemented to prevent cyberattacks: 1) developing national cybersecurity strategies and frameworks, 2) building cyber defense capacity, 3) enhancing infrastructure resilience, and 4) education, training, and awareness. This study contributes to the field by identifying the different types of cyberattacks associated with government organizations and presenting a centralized and comprehensive analysis of research work in security, which is an excellent resource for other researchers in a similar field. Finally, this study also offers practical implications for government organizations, providing strategies to help them prevent cyberattacks.

Published

2025-05-22

How to Cite

Ardhi, D. C., Sari, D. P., & Yankson, B. (2025). Cyberattacks in government organizations: A systematic literature review of attack types and mitigation strategies. Conference on Digital Government Research, 26. https://doi.org/10.59490/dgo.2025.1021