80 percent of CNI organizations suffer email related breaches

A new survey of IT and security leaders working within critical infrastructure industries reveals that 80 percent of organizations experienced an email-related security breach over the past year, and 63.3 percent of respondents say their email security approach needs to be improved.

The report from infrastructure protection company OPSWAT based on a study by Osterman Research finds that despite advancements in cybersecurity, 48 percent of organizations lack confidence in their existing email security defenses, leaving them vulnerable to potentially devastating cyberattacks.

Although email is a necessary tool for communication and productivity across all sectors, it is also a primary attack vector for cyber threats with attackers exploiting vulnerabilities through phishing attempts, malicious links, and harmful attachments.

Once infiltrated, these threats can cascade through networks, jeopardizing both IT and operational technology (OT) environments. What's worrying is that more than half of respondents believe email messages and attachments to be benign by default, failing to realize inherent email risks.

"This lax approach from survey respondents emphasizes the need to adopt a zero-trust mindset," says Yiyi Miao, chief product officer at OPSWAT. "The prevalence of email-related breaches poses a significant threat to critical infrastructure organizations, necessitating a shift to a stronger, prevention-based perimeter defense strategy against established communication and data exchange channels."

The report also reveals that 65 percent of organizations are not compliant with regulatory standards, exposing themselves to significant operational and business risks.

You can get the full report from the OPSWAT site.

Image credit: jpkirakun/depositphotos.com