
Addressing control failures in airline and transport cybersecurity

By Martin Greenfield | July 30, 2025 | Updated: July 30, 2025 | 5 Mins Read

On June 27th, 2025, the FBI declared that America’s airlines are under attack from digital threats. Over the past year, airline and transport organisations have seen a drastic escalation in cyberattacks, with groups like Scattered Spider making the headlines. According to recent research from Thales, the aviation sector has seen a dramatic 600% year-on-year increase in cyberattacks, with 27 major attacks by 22 ransomware groups between January 2024 and April 2025. Notably, these attacks are not using cutting-edge techniques or advanced technologies; they’re taking advantage of the basic security failures that have gone unnoticed within a company’s infrastructure.

These are weak access controls, gaps in identity management, or missed third-party risks. This isn’t just an unfortunate occurrence for a few companies; it’s a wider industry problem that is only getting bigger. The complexity of modern operations means it’s all too easy for something to slip through the cracks – attackers aren’t just spotting oversights, they’re actively probing multiple entry points and exploiting that complexity to gain access.

The limits of periodic security checks

Most organisations still rely on periodic audits and checks to assess their security posture; this is one of the biggest challenges we face. Although these audits might take place monthly or quarterly, attackers do not operate around a schedule; they are on the lookout for opportunities to exploit systems every hour of the day. This sort of approach creates blind spots, especially when it comes to third-party suppliers and contractors, where visibility into their controls is often completely non-existent.

A recent example is the situation involving Qantas, where the airline was reportedly contacted by a cybercriminal claiming to have accessed sensitive data. However, the company hasn’t confirmed whether a breach or ransom demand actually occurred. Cases such as this further highlight how commonly failure points are exploited through poor access management, weak multi-factor authentication, insecure password reset processes, and unregulated third-party access. These problems are nothing new, but they’re compounded by the outdated belief that periodic, manual checks are enough. The reality is that by the time this kind of evidence is gathered, it’s already out of date, meaning organisations never get a true, real-time picture of their risk.

We need to see a mindset shift from assuming that controls are working just because they were checked weeks or even months ago, to actively verifying that they’re working right now. Without that shift, organisations will continue to expose these gaps, giving attackers the space to move in quietly and stay undetected. Just like we would never leave the back door of our houses open, we shouldn’t leave blind spots in our business unmonitored. To truly bolster operational resilience, organisations must embrace automation and adopt a continuous, real-time view of their controls.

From periodic checks to continuous insight

To keep up with today’s rising dangers to the aviation and transport sectors, there’s a need to move beyond scattered and periodic checks and adopt a more continuous approach to managing risk, one that becomes embedded in day-to-day tasks. Cybersecurity needs to become proactive, not reactive. Continuous Control Monitoring (CCM) is about real-time oversight of whether critical security controls are working, not just on paper, but in practice.

It assures organisations that the safeguards they’ve put in place are doing their job and keeping threats at bay. This means spotting failures before they become breaches, especially in high-risk areas like privileged access (where attackers can gain elevated permissions), identity controls, and third-party connections. CCM also helps close the gap between compliance and real security because passing an audit once a year isn’t the same as being secure daily.

CCM allows businesses to maintain visibility over their extended supply chain, where many threats can originate. The recent wave of attacks, including those targeting access and privilege escalation, shows how essential it is to monitor not just your own systems, but those of the partners you rely on. CCM helps security leaders prioritise action based on real-time risk, rather than purely based on assumptions. It turns control monitoring from a static task into a continuous source of insight, something that can guide both daily operations and long-term strategy. In a sector where trust and safety are paramount, this kind of visibility is no longer a ‘nice to have’ – it’s fundamental to operational resilience.

Know your environment, stay ahead

With the global aviation cybersecurity market estimated to reach $5.32 billion in 2025, the pressure to get this right will only increase. Continuous control monitoring isn’t just a technical shift; it’s a mindset change, and one that the industry can no longer afford to delay. The reality is that most successful cyberattacks today aren’t the result of advanced tactics; they’re the result of basic control failures that no one noticed in time. Just like any other company, when you fail to address basic administrative tasks or oversee the ongoing business, you fail to notice small changes or cracks opening up. In a sector as complex and interconnected as aviation and transport, waiting for the next audit isn’t enough.

CISOs and security leaders need to prioritise continuous visibility into how controls are performing, across both internal systems and third-party relationships. You can’t stop every threat, but you can understand your environment better than the attackers do, and that makes all the difference. If you know your environment and your system inside out, you can put the right measures in place at the right times.

Martin Greenfield

Martin Greenfield is the CEO of Continuous Controls Monitoring solutions provider, Quod Orbis. He has over two decades in the cybersecurity space. With his team, Martin helps deliver complete cyber controls visibility for our clients via a single pane of glass, through Quod Orbis’ Continuous Controls Monitoring (CCM) platform. Their clients can see and understand their security and risk posture in real time, which in turn drives their risk investment decisions at the enterprise level.

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
