Surge in Cyber Assaults Infiltrating Child Protective Services Infrastructure
A recent report titled "The Global State of CPS Security 2024: Business Impact of Disruptions," released by Claroty, sheds light on the cybersecurity challenges faced by organisations in the Australia and New Zealand (ANZ) region. The report is based on a survey of 1,100 professionals from various fields.
One of the key findings of the report is the importance of having an accurate inventory of all Critical Physical Systems (CPS) assets and understanding the key risks these assets face. Regulations such as the SOCI Act and industry-specific standards like AESCSF emphasise this need. However, organisations in the ANZ region have identified certain security capabilities they felt were lacking, particularly exposure management (16%) and not having an OT-specific Security Operations Centre (SOC) to respond to attacks (14%).
The report also highlights the severity of cyber attacks on CPS networks. 93% of ANZ organisations surveyed had one or more cyber attacks originate from third-party supplier access to their CPS environment in the past 12 months. This issue is particularly pronounced in the healthcare sector, with 78% of healthcare sector respondents globally reporting ransom payments over USD500,000.
Operational downtime due to cyber attacks is a significant issue. 25% of ANZ respondents experienced a full day or more of downtime, and 40% reported a recovery process that took a week or more. In some cases, the recovery process took over a month. Ransomware continues to play a significant role in recovery costs, with three-quarters of ANZ respondents paying over USD500,000 to recover from ransomware attacks.
The report also addresses the issue of risks to CPS networks, particularly regarding the remote locations of some of these networks. Australian organisations are reporting these risks, with a focus on the need for secure access principles for both third-party contractors and internal users to provide additional layers of auditability and monitoring on critical assets.
Despite these challenges, there are positive signs. 73% of ANZ respondents have greater confidence in the ability of their organisation's CPS to withstand cyber attacks today versus 12 months ago. 36% of ANZ organisations are already seeing quantifiable improvements in their CPS security. Moreover, 100% of ANZ respondents expect to see quantifiable improvements in their CPS security in the next 12 months.
However, not investing in the cybersecurity of CPS can lead to a serious hit to an organisation's bottom line. Loss of customer or partner relationships (19%), lost revenue (15%), and regulatory fines (12%) were the most common factors contributing to these financial losses in the ANZ region. 58% of ANZ organisations admit to having only partial or no understanding of third-party connectivity to their CPS environment.
In conclusion, the report underscores the need for organisations in the ANZ region to prioritise cybersecurity measures for their CPS networks. Implementing secure access principles for both third-party contractors and internal users is critical for Australian organisations to mitigate risks and ensure the resilience of their systems.
Read also:
- Mandated automobile safety technologies in the EU may be deemed "irrational," "erratic," and potentially dangerous, experts caution.
- New study reveals that Language Models can execute complex assaults independent of human intervention
- Cybercriminals struck once more, allegedly Lazarus group, causing a $23 million loss to a UK-registered cryptocurrency platform.
- Upgraded advisory from CISA and Microsoft on security weakness in Exchange Server
