Singapore – Ransomware attacks against critical infrastructure (CI) organisations are on the rise, with 24% of them having experienced an attack. This is according to the latest report from IT services and consulting firm Thales, which revealed an increase in attacks against critical sectors and a lack of response preparedness.
Data from the findings showed a 4-point increase compared to the previous DTR Critical Infrastructure Edition report in 2022. However, planning continues to fall short, with only 15% of CI respondents stating they would follow a formal plan in the event of an attack.
Among CI organisations, human error was also observed to become the leading cause of cloud-based data breaches at 34%. This encompasses failure to apply multi factor authentication (MFA) to privileged accounts as another major cause, at 20% and 6 points higher than all respondents.
The study further revealed human error and MFA failures are more prevalent in CI organisations than in the general population.
On average, 16% of all external CI organisational access comes from customers. Among these survey respondents who cited external identity as an emerging security concern, 61% of them also cited achieving security consistency across workforce and non-workforce identities among the top challenges.
When asked about cloud/DevSecOps security as an emerging security concern, the greatest proportion also said secrets management (56%) as a top DevOps challenge, followed by workforce IAM issues such as privileged user management (53%).
Meanwhile, security concerns still persist due to operational complexity, with 57% of respondents reporting five or more key management systems, a slight increase from 55% in 2022.
The percentage of CI enterprises with 50 or more SaaS apps also rose marginally, from 33% in 2022 to 34% this year. These findings suggest a stabilisation of hybrid IT complexity, but additional efforts towards simplification are necessary.
Additionally, threats from quantum computing and future compromises of classical encryption techniques, enabling “harvest now, decrypt later” (HNDL) attacks, also became a leading interest in post-quantum cryptography at 69%.
In particular, among CI respondents who identified post-quantum, cryptography was cited as an emerging security threat. Around 49% further indicated they would likely create resilience contingency plans, and 48% shared they would prototype or evaluate PQC algorithms in the next 18–24 months.
Lastly, key findings of the study also demonstrated the era of artificial intelligence is finally being observed, with 26% of CI respondent organisations planning to incorporate AI into their core products and services in the next 12 months and 29% experimenting with AI.
Despite this inherent criticality to the worldwide economy, CI enterprises are adopting innovations in AI. However, their top concern remains managing the associated fast-changing environmental risks, citing 69% of CI respondents who identified ecosystem and operational alterations as their greatest and most concerning risks.
