Source : 2022 Thales Data Threat Report Critical Infrastructure Edition, 2022

Critical Infrastructure Organisations (CIOs) have an important role to play in our economy and way of life. They are responsible for the production, distribution, and storage of goods and services essential to our daily lives. From electric utilities to water treatment plants, these organisations keep our lights on, our homes warm, and our tummies full. In other words, they are the backbone of our society. Because of their importance, CIOs are often targeted by bad actors looking to cause havoc or extract a ransom. In recent years, we have seen a sharp increase in ransomware and malware attacks against CIOs. Due to health and human safety considerations, critical infrastructure firms have some of the highest uptime standards, even more than banking or healthcare. Critical infrastructure firms are under attack, from the ransomware attack that compromised a significant US gas pipeline in 2021 to the development of nation-state strikes, notably after the start of the Russian invasion of Ukraine. These attacks are only likely to increase in frequency and severity as bad actors become more sophisticated in their methods. This research combines feedback from 300 security practitioners and leaders working for critical infrastructure firms, and it offers suggestions for lowering the risk of malware and ransomware attacks.


Remote Working Worsens the “Human Factor” Weakest Link

The “human component” continues to be the weakest link in cybersecurity, which is not surprising. The bulk of effective malware and ransomware operations enter businesses unintentionally through user error. This includes choosing passwords that are simple to guess, falling for phishing scams, and falling for social engineering tricks like workplace email intrusion. Large-scale transitions to “hybrid” working arrangements, which combine working remotely and in traditional workplaces and can vary from worker to worker, have made the situation worse. Attackers find it simpler to migrate laterally through enterprises thanks to the confluence of information technology (IT) and operational technology (OT), which transforms IT system problems into considerably more serious OT system problems. 79% of those polled expressed concern about the security concerns posed by employees who work remotely. 51% of firms with critical infrastructure said they utilise Multi-factor authentication (MFA).


Malware and Ransomware Attacks Increase and Become More Complex

55% of respondents ranked malware as the leading source of increased security attacks,  followed closely by ransomware(53%) which makes sense given that ransomware assaults frequently contain malware components, was named as the second-leading source of increased security attacks across all critical infrastructure organisations. Interestingly, whereas trucking and shipping reported significantly fewer malware (32%) but significantly more ransomware incidents (64%), transportation businesses reported larger malware rises than average (65%) and lower incidences of ransomware (45%). Compared to 20% in the overall survey, fewer than one-fifth (19%) of respondents who responded about critical infrastructure said they had been the victim of a ransomware attack. Even fewer ransomware assaults were reported by the transportation and energy/utilities sectors, at 17% each. Criminals have understood that there is a better chance of a reward for successful assaults against prominent critical infrastructure organisations.


Breaches and Failed Audits Are a Continuing Problem

In the previous year, cyberattacks have increased in volume, intensity, and/or scope, according to 44% of respondents. A security breach has affected more than one-third of respondents (39%) in the last year, which is 6% more than the average while a breach has affected 51% of respondents at some point in the past, which is 3% more than the average.


Diverse Data Protection Strategies Need Better Alignment and Common Direction

To use the proper security safeguards, the first stage in a data protection strategy is to determine where data is stored, followed by classification. An amazing 57% of respondents, which is 4% more than the norm, stated they are completely aware of or extremely sure that they are aware of where their data is held. However, just 28% of respondents said they could fully classify their data, and only 49%—6% less than the average—believed they could classify at least half of it. When given the option to choose which technologies safeguard data in the cloud, 62% went with encryption and 51% with key management.


Zero Trust Adoption Continues, Particularly in Cloud Environments

Organisations that provide critical infrastructure frequently have widely dispersed infrastructures made up of trucks, warehouses, shipping ports, power lines, transmitting sites, and railway assets. By ensuring “least privilege” access to widely dispersed, high-value data and assets, adopting zero trust principles can be a major strategy. The move of OT from proprietary, dedicated connections to the internet of things (IoT) has significantly increased attack surfaces while also expanding the size, complexity, and elasticity of the underlying networks. Zero trust tactics are typically very effective in these settings. Only 30% of respondents have official zero trust strategies and actively support zero trust policies. 26% are still in the planning and research stages of developing formal zero trust strategies, while 22% have none at all. It should come as no surprise that firms with a formal zero trust strategy have fewer breaches. Respondents were asked where they expected to use zero trust principles, and 61% said they would do so for cloud access, while 53% said they would do so for on-premises access and remote access management.


Cloud Apps and Data Continue To Grow, Increasing Attack Surfaces and Complexity

In a stacked survey question, participants were asked to list the targets for attacks that most worried them. The top three responses were cloud-hosted apps, cloud databases, and cloud-based storage. More than 40% of respondents’ workloads and data were located in the cloud, and 54% said that more than 60% of their cloud data was sensitive. The majority of respondents also mentioned having numerous cloud (IaaS) providers, which could provide problems due to the difficulties of safeguarding different cloud environments.


Moving Ahead

Due to widely dispersed infrastructures, heavily publicised breaches and ransomware attacks, a high prevalence of vulnerable IoT devices, and the human factor—which continues to be the weakest link in security defences—critical infrastructure organisations have been particularly impacted by security issues. In order to penetrate a target, criminals only need to discover one person—preferably one with high privileges—who uses poor password hygiene or who may be persuaded to reveal information. From there, breaches and failed audits may be caused by ransomware, malware, and other strategies. Low encryption rates and overly complex key management procedures, which frequently conflict with one another, contribute to the problem of data loss from breaches. MFA, a crucial defence strategy, is still not frequently used.



  1. Thales Group. (2022). 2022 Thales Data Threat Report Critical Infrastructure Edition[Ebook]. Retrieved 9 October 2022, from
  2. Cyber Threats to Critical Infrastructure 2022 Report – Cyber Risk Leaders. (2022, September 27). Cyber Risk Leaders. Retrieved October 11, 2022, from