A new report has revealed that Australia is one of the top five nations targeted encrypted cyber attacks, despite its efforts to become the most cyber secure country 2030. The research, conducted cybersecurity firm Zscaler, found that a whopping 86% of all threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels. This alarming statistic highlights the challenges faced Australian organizations in protecting themselves against advanced cyber threats.

The report also highlighted a significant rise in ad spyware site attacks in the APAC region, with a staggering 290% increase. Manufacturing was identified as the most targeted industry for the second consecutive year, while education and government organizations experienced the highest year-on-year escalations in attack incidences.

Notably, the study showed a 24% year-on-year increase in threats over HTTPS, accounting for approximately 30 billion blocked threats. Encrypted malware and malicious content emerged as the primary threats, constituting 78% of observed attacks.

The use of artificial intelligence and machine learning (AI/ML) in manufacturing raised concerns, as it expands the industry’s attack surface. The education and government sectors were also highlighted for their significant increase in encrypted attacks. The transition to remote and connected learning has exposed educational institutions to more threats, while the government sector remains a prime target for nation-state-backed threat actors.

Chief Security Officer at Zscaler, Deepen Desai, emphasized the urgent need for a shift in security approaches. He recommended adopting a Zero Trust Network Access (ZTNA) solution to inspect TLS traffic at scale and block threats, thus preventing sensitive data breaches. With nearly 95% of web traffic flowing over HTTPS, it is crucial to address the blind spots created the lack of inline inspection.

Zscaler suggests implementing comprehensive, zero trust architectures that can inspect all encrypted traffic and utilize AI/ML models to identify and isolate malicious activity. By employing cloud-native, proxy-based architecture and continuously monitoring all traffic, organizations can strengthen their defenses against encrypted attacks. Additionally, utilizing AI-driven sandboxing techniques and evaluating attack surfaces to quantify risk are essential steps in minimizing business risks during cyber attacks.

As Australia strives to achieve its goal of becoming the most cyber secure country, it is imperative for organizations to adapt to the evolving threat landscape and take proactive measures to defend against encrypted cyber attacks.