More Australian organizations are coming under scrutiny from cyber hackers and national actors after leaders signed international security pacts, says French tech giant Thales Cloud Security.
Thales released its Cyber Threats to Critical Infrastructure 2022 Report today – just days after Optus announced that the personal security data of 10 million current and former customers had been stolen in a cybersecurity breach last week.
“It comes as Optus was the victim of a large-scale data breach last week, which brought the issue of critical infrastructure and critical data protection to the forefront of the conversation,” says Thales.
Australia used to be considered a “minimal threat” to other countries’ strategic interests, according to Brian Grant, director of Thales ANZ, but this has “changed significantly” in the past two years.
Australia’s participation in AUKUS – a security pact between Australia, the UK and the US – and the Quadrilateral Security Dialogue – a strategic security dialogue between Australia, India, Japan and the US – has put the nation on the radar of cyber threat actors, he says.
“As a result, we have become a target. We are now more vulnerable than ever to attacks on our society.”
Many companies may have already been attacked without knowing it, Grant says, and malicious actors often stay “under the radar, poised for an economic, geopolitical, or financial event” before they attack.
He says July’s amendments to the Security of Critical Infrastructure (SOCI) Act 2018 – which subjected many more Australian businesses to strict 12-hour cyber incident reporting requirements – are “major strides” in combating threats to vital elements of the Australian economy and it is “not about more compliance”.
“It’s about linking the role of cybersecurity to critical service and supply chains. Ensuring cybersecurity is part of security practices across the spectrum of critical infrastructure.”
He recommends making the assessment of critical items an embedded process, as assets and data are constantly evolving.
“One-off audits quickly become obsolete,” he said.
The global survey of more than 2,700 people uncovered major gaps in risk management, stating that over 60% of critical sector data in the cloud is sensitive and human error remains the top threat.
“Security approaches that are no longer appropriate for today’s evolving threat landscape are now putting nations, organizations and people’s lives at risk,” Thales said.
The survey found that 44% of respondents reported an increase in the volume, severity, and/or scope of cyberattacks over the past 12 months, more than a third had experienced a security breach, and only half were able to classify at least half of their data.
More than three quarters were very or somewhat concerned about security risks and threats posed by employees working remotely. Only 45% had a formal ransomware plan and only half of the critical infrastructure organizations surveyed use multi-factor authentication.
“Companies may not have a good understanding of the impact of all parties involved, such as cyber insurers, incident response companies, government regulations and ransomware attribution,” the report states.