SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Quantum Computing
#
Ransomware
#
SaaS

Thales report reveals critical security gaps in infrastructure

Thu, 15th Aug 2024
Author image
By Catherine Knowles, Journalist

Thales has released its 2024 Critical Infrastructure report, highlighting key security challenges encountered by organisations in critical sectors such as energy, utilities, telecommunications, and transportation globally, including in Australia. This report comes in the wake of Australia's Security of Critical Infrastructure Act (SOCI) set to enforce stricter security and risk management protocols from mid-August.

The research conducted by Thales reveals a concerning trend with 24% of critical infrastructure (CI) organisations reporting ransomware attacks within the past 12 months. Despite the increase in attacks, formal planning in response remains inadequate, with only 15% of respondents indicating they have a formal plan in place for such events. An area of particular vulnerability appears to be human error, cited as the leading cause of cloud-based data breaches by 34% of CI organisations.

Additionally, the report underscores the importance of multifactor authentication (MFA) in securing privileged accounts, with 20% of breaches attributed to the failure to apply MFA. This statistic is significantly higher, by six points, than breaches reported by the general respondent population. CI organisations continue to grapple with the challenges posed by both human error and MFA failures.

Another notable finding is that security consistency across workforce and non-workforce identities remains one of the top challenges, as reported by 61% of CI organisations. External identity is emerging as a critical security concern, compounded by the fact that on average, one-sixth (16%) of all external CI organisational access originates from customers.

The survey also points to operational complexity as an ongoing issue, with 57% of CI respondents stating they utilise five or more key management systems. This figure has increased slightly from 55% in 2022. Furthermore, 34% of CI enterprises reported the use of 50 or more Software as a Service (SaaS) applications, indicating a slight increase from 33% the previous year. Although there is some stabilisation, the need for further simplification in hybrid IT environments is evident.

Security concerns are not limited to current technologies. Future threats from quantum computing and the potential compromise of classical encryption techniques have prompted 69% of respondents to express interest in post-quantum cryptography (PQC). To address these emerging threats, 49% indicated plans to create resilience contingency plans, while 48% intend to prototype or evaluate PQC algorithms within the next 18-24 months.

The report also highlights that AI integration is on the rise among CI organisations, with 26% planning to incorporate AI into their core products and services over the next year, and 29% already experimenting with AI. However, this integration presents new security challenges. The rapid changes in ecosystems and operations associated with AI adoption are viewed as significant risks by 69% of CI respondents.

Thales’ findings underscore the critical need for improved planning, robust security measures, and the proactive management of emerging technologies in the critical infrastructure sector. The report suggests that organisations must prioritise these aspects to safeguard against escalating security threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Barbara Larson joins SentinelOne as Chief Financial Officer
Zscaler launches new co-located data centre in Perth
Proofpoint unveils new security features
Trustwave highlights critical cyber threats to financial services
Proofpoint & CyberArk expand partnership for enhanced security
Top stories
CyberArk leads 2024 Gartner PAM Quadrant for sixth year
i-PRO strengthens AI governance with new ethics committee
Armis hires Christina Kemper to lead international expansion
BeyondTrust named leader in Gartner’s 2024 PAM Magic Quadrant
Tenable launches AI Aware to tackle escalating AI security risks