Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Nozomi Networks Predicts Major A/NZ Critical Infrastructure Cybersecurity Uplift In 2024

Nozomi Networks Inc., the leader in OT and critical infrastructure security, today, says Australia and New Zealand critical infrastructure owners/operators will see a major uplift in cybersecurity – particularly in their operational technology (OT) and IoT environments – next year.

The company’s A/NZ OT and IoT security experts called out the importance of improving visibility over networks and devices, ‘secure-by-design’ frameworks, avoiding victim blaming when organisations are attacked, and tackling the skills shortages impacting the industry.

In Australia, the predictions come on the heels of the launch of the 2023-2030 Australian Cyber Security Strategy by the Federal Government, and as Security of Critical Infrastructure (SOCI) Act measures make an impact across critical infrastructure providers.

Anthony Stitt, Regional Senior Director, Nozomi Networks:

  • “As the official and unofficial grace periods come to a close on the SOCI requirements, we’ll see regulated critical infrastructure providers continue to uplift their OT and IoT security posture. Interest from non-regulated adjacent industries is high and more organisations will begin the journey.
  • “The inaugural Critical Infrastructure Annual Risk Review highlighted some important risks, including vulnerabilities in the connections between IT, OT and IoT environments, cyber literacy and security practices are not keeping pace with digitalisation, and next-generation technologies are needed to change the way to assess risk.
  • “One of the key issues to address is visibility over deep, widely connected networks with so many devices potentially talking to each other. All too often, IT and OT networks run together on the same flat network. For these organisations, many are planning segmentation projects, but they are complex and disruptive to implement, so in the meantime organisations want to understand what’s going on in these environments.
  • “What’s really positive to see is that organisations are more willing than ever to get their foot in the door. They understand there’s a lot of work to do, but starting with some basic tools and monitoring capabilities can still make a huge difference, and it starts the process of maturation.
  • “In Australia, the Government has performed very well by developing and executing the SOCI legislation reforms, and other regions are engaged in or considering similar initiatives. But across the region, we need a generational change to move away from victim blaming when cyber-attacks occur.
  • “There’s always something an attacked organisation could have done to remain protected, but we can’t forget that cybercrime is crime. Greater involvement and offensive capabilities from law enforcement will help to change that mindset, and it’s great that is a priority from Government through the 2023-2030 Cyber Security Strategy.”
Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

Marty Rickard, Director of Customer Success and Technical Support - Asia Pacific

  • “The industry in Australia and New Zealand is still embattled with a major skills shortage. The limited talent we have is spread primarily among vendors, leaving gaps in internal OT teams and partners, which provide a broader range of security-focused services.
  • “People talk a lot about the skills shortage in IT regularly, but at least there’s a fundamental understanding of the fundamental importance of security in IT. That can’t be said of OT yet, but it’s improving - we're going through the same pain IT did a decade ago of building these skills and understanding, often from scratch, which is positive.
  • “As it matures, we need to see OT and IoT security become ingrained into governance, risk and compliance (GRC) teams and we’ll be working closely with a range of critical infrastructure providers to take or at least build towards that journey in the year ahead, but the inaugural Critical Infrastructure Annual Risk Review reminded us these skills shortages aren’t going away.
  • “In New Zealand, we’re seeing some much-needed maturity in the market which is positive, and we expect that to continue in 2024. The ‘sky is falling in’ fear mongering is being replaced by practical engagement, technology discussions, and compensating controls to recognise and address risks for what they are.”

Dean Frye, Solutions Architect – Australia and New Zealand

  • “Networks and devices need to be secure by design, a methodology we expect will ramp up significantly in 2024. But even then, there are still too many projects taking place where secure by design isn't considered, isn’t known or understood as a concept. It comes down to fundamental controls normalising and recording the privileges granted to each device and network, holding that in a database and reviewing it regularly, assisted with automation tools.
  • “We need a major education and upskilling journey to change this, and the advent of SOCI, greater knowledge sharing between facilities managers, OT professionals and others are making a difference.
  • “The greater challenge is tackling environments built before cyber security even existed. One example we encountered involved a council environment where a sewerage system network had an open line to the council chambers, the library, the dog pound, and more. This creates unnecessary risk, but segmenting and securing these networks in a legacy environment takes time. We’ll see strong improvement in this space in 2024, but ultimately it will take a long time to fully rectify.”

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
GenPro: General Practices Begin Issuing Clause 14 Notices

GenPro has been copied into a rising number of Clause 14 notices issued since the NZNO lodged its Primary Practice Pay Equity Claim against General Practice employers in December 2023.More

SPADA: Screen Industry Unites For Streaming Platform Regulation & Intellectual Property Protections

In an unprecedented international collaboration, representatives of screen producing organisations from around the world have released a joint statement.More

 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.