80% of Critical Infrastructure Hit by Email Breaches

News Desk

OPSWAT, a cybersecurity company for critical infrastructure protection, has released its 2024 Report on Email Security Threats Against Critical Infrastructure Organizations. Conducted in collaboration with Osterman Research, known for its expertise in IT security trends, the report surveyed IT and security leaders across critical infrastructure sectors. Findings reveal that 80% of these organizations experienced an email-related security breach in the past year, while 63.3% of respondents acknowledged a need for stronger email security measures.

Email remains essential for communication and productivity, yet it is the primary entry point for cyber threats. Attackers exploit vulnerabilities through phishing, malicious links, and harmful attachments, which can penetrate networks and compromise both IT and operational technology (OT) environments. Worryingly, over half of respondents assumed email messages and attachments were safe by default, underestimating the inherent risks.

Key Findings:

– High Incident Rates: 80% of critical infrastructure organizations reported email security breaches in the last 12 months, with an average of 5.7 phishing incidents, 5.6 account compromises, and 4.4 data leakage incidents per 1,000 employees.

– Email as Primary Threat Vector: Email is the primary cyberattack vector, responsible for 75% of cybersecurity threats against critical infrastructure organizations. For two-thirds of these organizations, 61% to 100% of threats are email-based.

– Security Gaps: 48% of respondents lack confidence in their current email security, and only 34.4% are fully compliant with relevant email security regulations. Additionally, 63.6% do not believe their email security is best-in-class.

– Rising Threat Levels: Over 80% of organizations expect threat levels for phishing, data exfiltration, and zero-day malware attacks to remain steady or increase in the next year.

– Lack of Zero-Trust Mindset: More than half of respondents operate under the assumption that email messages are benign by default, highlighting a need for a zero-trust approach.

Rising Aspirations for Enhanced Security

Despite low current success metrics, critical infrastructure organizations aim for significant improvements. While only 52% of respondents feel confident in their email security today, 74.8% aspire to reach high protection levels within the next 12 months. Additionally, 84.8% seek to enhance their defenses against emerging and unknown email threats over the same period.

“These findings underscore the need for a zero-trust approach to email security,” said Yiyi Miao, Chief Product Officer at OPSWAT. “The prevalence of email-related breaches poses a serious threat to critical infrastructure, making it essential for organizations to adopt a prevention-first perimeter defense strategy.”

The survey also exposed a significant gap in advanced email security practices. Many organizations lack essential capabilities, such as Content Disarm and Reconstruction (CDR), URL scanning for malicious activity, and anomaly detection within emails. OPSWAT reaffirms its commitment to empowering critical infrastructure organizations with prevention-based, cutting-edge cybersecurity solutions to address these challenges.

