The prevalence of email-related security breaches in Critical National Infrastructure (CNI) companies worldwide has been highlighted in a recent report by OPSWAT and Osterman Research.

Description

The study revealed that up to 80% of CNI organizations experienced email breaches in the past year, with phishing incidents [7] [9], account compromises [2] [9], and data leakage being common occurrences [9]. Email was identified as the primary attack vector for cybercriminals, with a median of 75% of threats arriving via email [2]. Despite advancements in cybersecurity [3] [5] [6], only 52% of organizations lack confidence in their current email defenses [2] [3] [4] [6], leaving them vulnerable to cyberattacks [3] [4] [5] [8] [9]. Legacy technology within CNI organizations is providing easy access for attackers [9], as outdated systems are difficult and expensive to replace [9], making them vulnerable to cyber threats [9]. Itay Glick [1] [6], VP of products at OPSWAT [1] [6], emphasized the need to treat every email message and attachment as potentially malicious and recommended advanced phishing protection measures such as behavioral AI and URL scanning [6]. Key systems in critical infrastructure are increasingly connected to the internet [1], making successful email attacks more dangerous [1]. Additionally, the study found that only 34.4% of organizations believed they were fully compliant with security regulations [1], with EMEA organizations feeling less compliant with GDPR [1]. OPSWAT underscored the evolving nature of attacks that bypass traditional security measures and the importance of adopting a zero-trust mindset to prevent email attacks and ensure compliance. A recent survey of IT and security leaders in critical infrastructure industries found that 63.3% of organizations acknowledged the need for improved email security measures, with attackers exploiting vulnerabilities through phishing attempts [3], malicious links [3] [6] [9], and harmful attachments [3] [6] [9].

Conclusion

Email-related breaches pose a significant threat to critical infrastructure organizations [3], exposing them to operational and business risks [3] [4] [5] [8]. It is crucial for organizations to adopt a zero-trust mindset and implement advanced phishing protection measures to prevent email attacks and ensure compliance with security regulations. As cyber threats continue to evolve, it is imperative for CNI companies to prioritize email security to safeguard their critical systems and data.

References

[1] https://www.infosecurity-magazine.com/news/critical-infrastructure-email/
[2] https://www.securitymagazine.com/articles/100713-80-of-critical-infrastructure-entities-affected-by-email-breaches
[3] https://betanews.com/2024/09/17/80-percent-of-cni-organizations-suffer-email-related-breaches/
[4] https://channelvisionmag.com/opswat-80-of-organizations-experienced-email-security-breach-in-last-year/
[5] https://www.prnewswire.com/news-releases/new-study-from-osterman-research-and-opswat-finds-80-of-organizations-experienced-an-email-related-security-breach-in-the-last-year-302249781.html
[6] https://securityboulevard.com/2024/09/email-security-breaches-rampant-among-critical-infrastructure-organizations/
[7] https://www.scmagazine.com/brief/email-attacks-prevalent-in-critical-infrastructure-firms
[8] https://www.automation.com/en-us/articles/september-2024/osterman-opswat-study-email-related-security
[9] https://www.techrepublic.com/article/critical-national-infrastructure-email-security/