Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Thales 2024 Critical Infrastructure report reveals a rise in ransomware and a lack of readiness

Human error is a leading cause of cloud-based breaches, while “security consistency” is a key challenge for the sector, and AI use presents “massive opportunities”.

user icon David Hollingworth
Tue, 20 Aug 2024
Thales 2024 Critical Infrastructure report reveals a rise in ransomware and a lack of readiness
expand image

Defence and security multinational Thales released its 2024 Critical Infrastructure report last week, and it makes for some grim reading.

One of the key figures is that ransomware attacks on critical infrastructure (CI) entities have increased year on year, with 24 per cent reporting an attack in the last 12 months, compared to 21 per cent for the previous reporting period.

In fact, 42 per cent of CI organisations have reported a data breach of some kind overall, though data breaches do seem to be decreasing. Fifteen per cent of organisations reported a breach this year, compared to 22 per cent last year.

============
============

Despite that mildly good news, critical infrastructure entities are struggling to maintain a solid cyber security posture.

Only 15 per cent of organisations said they would follow a “formal plan” following a cyber attack, while 34 per cent of cloud-based breaches are still caused by human error. CI organisations actually lag behind other entities when it comes to properly enabling multifactor authentication.

Operational complexity and managing external identities are also challenges. More entities are now using five or more key management systems, while there’s also been a slight increase in organisations using more than 50 SaaS applications. Sixty-one per cent of respondents said that managing identity across workforce and non-workforce identities was a particularly challenging concern.

The report also found that artificial intelligence use was booming in the sector. According to Erick Reyes, ANZ director at Thales Cloud Security, AI is presenting “massive opportunities for critical infrastructure organisations, whether it is because it promises to drive significant efficiencies and cost savings, or because it can support the creation of new innovative solutions”.

“Globally, over a quarter of CI organisations are planning to integrate AI into their core products and services in the next 12 months, and 29 per cent are currently experimenting with AI. This is a trend we see in Australia too, with a great number of local industries such as telecommunications, transports, logistics and energy/utilities heavily investing in AI-driven technologies,” Reyes told Cyber Daily.

Unfortunately, it’s not all plain sailing, and many issues with AI adoption still need to be addressed.

“GenAI, in particular, is opening the doors to a whole new world of attacks as data and digital identities are being exponentially shared across external platforms, as well as with third- and fourth-party providers,” Reyes said.

“Unfortunately, we are seeing too many CI organisations diving into AI being unprepared, without a formal plan in place when it comes to safeguarding their systems, data and digital identities from cyber risks. Our report showed that only 15 per cent of CI organisations would follow a formal plan in the event of an attack; this is worrying.”

But Reyes said that there are solutions.

“It is important to ensure digital identities and data are secure before engaging in any AI project, and that includes making sure they are protected outside of the organisation’s walls, working with trusted third- and fourth-party partners and platforms, as well as having a comprehensive, formal plan in place in case a breach or attack occurs,” Reyes said.

Thales’ research is based on a global survey of 2,961 security and IT professionals from 18 countries, including Australia and New Zealand.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.