Brought to you by:

Australia more at risk from cyberattacks, Thales says

More Australian organisations are under scrutiny from cyber hackers and nation-state actors after leaders signed up to international security pacts, French technology group Thales Cloud Security says.

Thales today released its Cyber Threats to Critical Infrastructure 2022 Report – just days after Optus revealed the personal security data of 10 million current and former customers was stolen last week in a cyber security breach.

Previously, Australia was considered to pose "minimal threat” to the strategic interests of other countries, according to Thales ANZ Director Brian Grant, but this “changed significantly” in the last two years.

Australia’s participation in AUKUS – a security pact between Australia, the UK and the US – and the Quadrilateral Security Dialogue – a strategic security dialogue between Australia, India, Japan and the US – have put the nation on the radar of cyber threat actors, he says.

“As a result, we have become a target. We are now more at risk than ever from attacks on our society.”

Many companies may have already been attacked without knowing it, Mr Grant says, and malicious actors often “stay under the radar ready for an economic, geopolitical, or financial event” before they attack.

He says amendments to the Security of Critical Infrastructure (SOCI) Act 2018 in July – which saw many more Australian businesses subject to strict 12-hour cyber incident reporting requirements – were "great progress” in addressing threats against vital elements of the Australian economy and were “not about more compliance”.

“It’s about tying in the role of cyber security to critical service and supply chains. Ensuring cyber security is part of safety practices across the entire spectrum of critical infrastructure.”

He recommends making assessment of critical elements an embedded process as assets and data are continually evolving.

“One-off audits will quickly become outdated,” he said.

The global survey of more than 2700 revealed major gaps in risk management and says over 60% of critical sectors' data in the cloud is sensitive, and human error remains the main threat.

“Security approaches, no longer fit for today’s evolving threat landscape, are now putting nations, organisations and peoples’ lives at risk,” Thales said.

The survey found 44% of respondents reported increases in the volume, severity and/or scope of cyberattacks in the past 12 months, more than a third had experienced a security breach and only half could classify at least half of their data.

More than three-quarters were very or somewhat concerned about security risks and threats from employees working remotely. Only 45% had a formal ransomware plan and only half of critical infrastructure organisations surveyed use multi-factor authentication.

"Enterprises may not have a good understanding of the effects of all the parties involved, such as cyber insurance underwriters, incident response firms, government regulations and ransomware attribution,” the report said.