Report: 80% of critical infrastructure hit by email breaches
OPSWAT has released a report detailing significant vulnerabilities in email security among critical infrastructure organizations, with 80% experiencing a related breach in the past year.
The report, titled "2024 Report: Email Security Threats Against Critical Infrastructure Organizations," is based on research conducted by Osterman Research, a firm specialising in IT security and data management trends.
The study involved a survey of IT and security leaders within critical infrastructure industries. It revealed that despite advances in cybersecurity, 48% of the organisations surveyed lacked confidence in their existing email security measures. Additionally, 63.3% of respondents recognised the need to improve their email security strategies.
Email is a ubiquitous tool for communication and productivity, but it is also a key vector for cyber threats. Attackers often exploit vulnerabilities through phishing attempts, malicious links, and harmful attachments. Once inside, these email-based threats can spread across networks, jeopardising both IT and operational technology (OT) environments. Alarmingly, more than half of respondents believed email messages and attachments to be benign by default, underestimating the risks associated with email communication.
Yiyi Miao, Chief Product Officer at OPSWAT, highlighted the urgency of adopting a zero-trust approach to email security. Miao stated, "This lax approach from survey respondents emphasises the need to adopt a zero-trust mindset.
"The prevalence of email-related breaches poses a significant threat to critical infrastructure organisations, necessitating a shift to a stronger, prevention-based perimeter defence strategy against established communication and data exchange channels," he said.
The report's key findings include:
- Critical Infrastructure as a Target: 80% of critical infrastructure entities fell victim to email-related security breaches in the past 12 months, demonstrating their appeal to cyber criminal actors.
- Persistent Vulnerabilities: Despite advancements in cybersecurity, 48% of organizations continue to lack confidence in their email security defences, leaving them open to potential cyberattacks.
- Non-compliance Risks: A striking 65% of organisations do not meet regulatory standards, exposing themselves to significant operational and business risks.
The survey also identified a significant gap in advanced email security measures that could prevent threats from reaching users' inboxes. Notably, many organisations lacked essential mechanisms such as Content Disarm and Reconstruction (CDR), URL scanning for malicious indicators, and anomaly detection within email messages.
The report showed that organisations are increasingly acknowledging the necessity of bolstering their email security measures. In response to these challenges, OPSWAT has reaffirmed its commitment to providing critical infrastructure organisations across a wide range of industries and sectors with advanced, prevention-based cybersecurity solutions.