NETWORK SYSTEMS

Study from Osterman Research and OPSWAT finds low confidence in the ability to prevent email-related threats and an urgent need for improved email security practices in critical infrastructure sectors .

This research was conducted with Osterman Research , known for its in-depth analysis and insights into emerging trends and technologies in IT security and data management . The study surveyed IT and security leaders working within critical infrastructure industries and revealed that 80 % of organisations experienced an email-related security breach over the past year and 63.3 % of respondents acknowledge that their email security approach needs to be improved .

Email is a necessary tool for communication and productivity across all sectors , but it is also the primary attack vector for cyberthreats with attackers exploiting vulnerabilities through phishing attempts , malicious links and harmful attachments . Once infiltrated , these threats can cascade through networks , jeopardising both IT and

Yiyi Miao , Chief Product Officer at OPSWAT operational technology ( OT ) environments . Alarmingly , more than half of respondents believed email messages and attachments to be benign by default , failing to realise inherent email risks .

Key takeaways from the research include :

Up to 80 % of organisations in critical infrastructure sectors have been the victim of an email security breach in the past 12 months

Per 1,000 employees , the organisations in this research experienced 5.7 successful phishing incidents per year , 5.6 account compromises , and 4.4 incidents of data leakage , among other types of email security breaches . Organisations in critical infrastructure sectors are highly attractive to cyberthreat actors and are under constant attack .

Email is the primary cybersecurity attack vector in critical infrastructure sectors

A median of 75 % of cybersecurity threats against organisations in critical infrastructure sectors arrive via email . For two out of three organisations , the share of cybersecurity threats arriving by email ranges from 61 % to 100 %.

Success metrics for email security are low

48 % of the critical infrastructure organisations in this research are not confident that their current email security protections are sufficient against email-borne attacks . Only 34.4 % are fully compliant with the email-related regulations that apply to them , e . g ., GDPR and other privacy regulations . And 63.6 % are not confident that their approach to email security is best in class .

Threat levels for all types of cybersecurity attacks are expected to increase , with phishing , data exfiltration and zero-day malware attacks leading the way

Over 80 % of organisations expect threat levels of all email attack types to increase or stay the same over the next 12 months .

Most organisations do not approach email as malicious by default

More than half of the critical infrastructure organisations in this research operate from the assumption that messages and files are benign by default or attempt to operate from the flawed assumption that they are both benign by default and malicious by default . Many more firms need to embrace zero trust approaches for email security .

“ This survey findings emphasise the need to adopt a zero-trust mindset . The prevalence of email-related breaches poses a significant threat to critical infrastructure organisations , necessitating a shift to a stronger , prevention-based perimeter defence strategy against established communication and data exchange channels ,” said Yiyi Miao , Chief Product Officer at OPSWAT . �

www . intelligentbuild . tech 55