Thales today releases the findings of its 2024 Critical Infrastructure report. Organisations across the energy and utilities, telecommunications, transportation and trucking/shipping industries globally (including in Australia) were surveyed.
The release comes as Australia’s Security of Critical Infrastructure Act (SOCI) comes into effect on August 17th, forcing a wide range of organisations from critical industries to comply with stricter security and risk management processes.
Findings from the Thales research show that critical infrastructure (CI) organisations are not only increasingly victims of ransomware attacks (24% reported having experienced an attack in the past 12 months), but that planning is still poor, with only 15% saying they would follow a formal plan in the event of an attack.
This comes as human error is the leading cause of cloud-based data breaches and external identity is identified as an emerging security concern, while achieving security consistency across workforce and non-workforce identities is one of the top challenges.
Furthermore, a significant portion of CI organisations are experimenting with AI and planning to integrate AI into their core products and services in the next 12 months, which raises more security concerns.
Other insights from the report include:
- The proportion of critical infrastructure organisations that have ever been breached remains high with 42% of CI organisations having experienced a breach in the past
- Encouragingly, recent CI breach history (in the last 12 months) decreased from 22% in 2021 to 15% in 2024
- Worryingly though, ransomware attacks against CI organisations continue growing, with 24% reporting that they have experienced an attack, a 4-point increase since the previous DTR Critical Infrastructure Edition report in 2022
- Operational complexity remains a security concern, with 57% of CI respondents reporting they use five or more key management systems
- Regarding threats from quantum computing, future compromise of classical encryption techniques, enabling “harvest now, decrypt later” (HNDL) attacks, is leading interest in post-quantum cryptography (69%). Among CI respondents who identified post-quantum cryptography as an emerging security threat, 49% indicated they would likely create resilience contingency plans, and 48% said they would prototype or evaluate PQC algorithms in the next 18-24 months
- The AI boom is underway: 26% of CI respondent organisations plan to integrate AI into their core products and services in the next 12 months, and 29% are experimenting with AI. Despite their inherent criticality to the worldwide economy, CI enterprises are embracing innovations in AI. Yet, managing the associated fast-changing environmental risks is their greatest concern: 69% of CI respondents said that ecosystem and operational alterations are their greatest, most concerning risks.
The full report can be found here: https://cpl.thalesgroup.com/critical-infrastructure-data-threat-report