OPSWAT, a global company focused on critical infrastructure protection (CIP) cybersecurity solutions, today released the 2024 Report: Email Security Threats Against Critical Infrastructure Organizations. This research was conducted with Osterman Research, known for its in-depth analysis and insights into emerging trends and technologies in information technology (IT) security and data management. The study surveyed IT and security leaders working within critical infrastructure industries and revealed that 80% of organizations experienced an email-related security breach over the past year, and 63.3% of respondents acknowledge that their email security approach needs to be improved.
Email is a necessary tool for communication and productivity across all sectors, but it is also the primary attack vector for cyber threats, with attackers exploiting vulnerabilities through phishing attempts, malicious links and harmful attachments. Once infiltrated, these threats can cascade through networks, jeopardizing both IT and operational technology (OT) environments. Alarmingly, more than half of respondents believed email messages and attachments to be benign by default, failing to realize inherent email risks.
“This lax approach from survey respondents emphasizes the need to adopt a zero-trust mindset,” said Yiyi Miao, chief product officer at OPSWAT. “The prevalence of email-related breaches poses a significant threat to critical infrastructure organizations, necessitating a shift to a stronger, prevention-based perimeter defense strategy against established communication and data exchange channels.”
Critical infrastructure is a target
The OPSWAT study finds low confidence in the ability to prevent email-related threats and an urgent need for improved email security practices in critical infrastructure sectors. The biggest highlights of the report were:
-
Critical infrastructure remains a target: 80% of critical infrastructure entities fell prey to email-related security breaches within the past 12 months, highlighting their attractiveness to cyber threat actors.
-
Lingering vulnerability: Despite advancements in cybersecurity, 48% of organizations lack confidence in their existing email security defenses, leaving them vulnerable to potentially devastating cyberattacks.
-
Noncompliance presents significant operational and business risks: Shockingly, 65% of organizations are not compliant with regulatory standards, exposing themselves to significant operational and business risks.
Advanced email security is lacking
The survey responses also unveiled a major gap in advanced email security capabilities that preclude and prevent threats from reaching users’ inboxes. Essential measures such as content disarm and reconstruction (CDR), URL scanning for malicious signals and anomaly detection within email messages are notably absent in many organizations’ defenses.
Organizations recognize the need to improve their efforts in preventing email attacks, especially in response to these critical challenges. For access to the full report and additional findings, visit the OPSWAT website.
Do you have experience and expertise with the topics mentioned in this article? You should consider contributing content to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.
