OPSWAT, a global leader in critical infrastructure protection, today released the 2024 Report: Email Security Threats Against Critical Infrastructure Organizations. Conducted with Osterman Research, the study surveyed IT and security leaders working within critical infrastructure industries and revealed that 80 percent experienced an email-related security breach over the past year and 63.3 percent of respondents acknowledge that their email security approach needs to be improved.
Email is a necessary tool for communication and productivity across all sectors, but it is also the primary attack vector for cyber threats with attackers exploiting vulnerabilities through phishing attempts, malicious links, and harmful attachments. Once infiltrated, these threats can cascade through networks, jeopardizing both IT and operational technology (OT) environments. Alarmingly, more than half of respondents believed email messages and attachments to be benign by default, failing to realize inherent email risks.
“This lax approach from survey respondents emphasizes the need to adopt a zero-trust mindset,” said Yiyi Miao, Chief Product Officer at OPSWAT. “The prevalence of email-related breaches poses a significant threat to critical infrastructure organizations, necessitating a shift to a stronger, prevention-based perimeter defense strategy against established communication and data exchange channels.”
Key highlights of the research include:
- Lingering Vulnerability: Despite advancements in cybersecurity, 48 percent of organizations lack confidence in their existing email security defenses, leaving them vulnerable to potentially devastating cyberattacks.
- Noncompliance presents significant operational and business risks: Shockingly, 65 percent of organizations are not compliant with regulatory standards, exposing themselves to significant operational and business risks.
The survey responses also unveiled a major gap in advanced email security capabilities that preclude and prevent threats from reaching users’ inboxes. Essential measures such as Content Disarm and Reconstruction (CDR), URL scanning for malicious signals, and anomaly detection within email messages are notably absent in many organizations’ defenses.
For access to the full report and additional findings, visit https://www.opswat.com/osterman-report.