New Study from Osterman Research and OPSWAT Finds 80% of Organizations Experienced an Email-Related Security Breach in the Last Year
September 2024 by Osterman Research and OPSWAT
OPSWAT released the 2024 Report: Email Security Threats Against Critical Infrastructure Organizations. This research was conducted with Osterman Research, known for its in-depth analysis and insights into emerging trends and technologies in IT security and data management. The study surveyed IT and security leaders working within critical infrastructure industries and revealed that 80% of organizations experienced an email-related security breach over the past year and 63.3% of respondents acknowledge that their email security approach needs to be improved.
Email is a necessary tool for communication and productivity across all sectors, but it is also the primary attack vector for cyber threats with attackers exploiting vulnerabilities through phishing attempts, malicious links, and harmful attachments. Once infiltrated, these threats can cascade through networks, jeopardizing both IT and operational technology (OT) environments. Alarmingly, more than half of respondents believed email messages and attachments to be benign by default, failing to realize inherent email risks.
“This lax approach from survey respondents emphasizes the need to adopt a zero-trust mindset,” said Yiyi Miao, Chief Product Officer at OPSWAT. “The prevalence of email-related breaches poses a significant threat to critical infrastructure organizations, necessitating a shift to a stronger, prevention-based perimeter defense strategy against established communication and data exchange channels.”
Key Research Highlights:
• Critical Infrastructure Remains a Target: 80% of critical infrastructure entities fell prey to email-related security breaches within the past 12 months, highlighting their attractiveness to cyber threat actors.
• Lingering Vulnerability: Despite advancements in cybersecurity, 48% of organizations lack confidence in their existing email security defenses, leaving them vulnerable to potentially devastating cyberattacks.
• Noncompliance presents significant operational and business risks: Shockingly, 65% of organizations are not compliant with regulatory standards, exposing themselves to significant operational and business risks.
The survey responses also unveiled a major gap in advanced email security capabilities that preclude and prevent threats from reaching users’ inboxes. Essential measures such as Content Disarm and Reconstruction (CDR), URL scanning for malicious signals, and anomaly detection within email messages are notably absent in many organizations’ defenses.
Organizations recognize the need to improve their efforts in preventing email attacks. In response to these critical challenges, OPSWAT reaffirms its commitment to equipping critical infrastructure organizations with cutting-edge, prevention-based cybersecurity solutions.