Commentary

Email Break-Ins: Corporate Inboxes Are Very Open To Attacks

A shocking 65% of companies were hit with an email breach within the last 12 months, and the number could be as high as 80% among infrastructure firms. And we can expect more, given the lack of confidence and preparedness, judging by the 2024 Report: Email Security Threats Against Critical Infrastructure Organizations, a study from OPSWAT, conducted by Osterman Research. 

Email is the primary attack vector for cyber threats, with attacks taking place through phishing attempts, malicious links, and harmful attachments.

Worldwide, 48% of organizations lack confidence in their existing email security defenses. And 63.6% do not feel that their approach to email security is “best in class.”

"This lax approach from survey respondents emphasizes the need to adopt a zero-trust mindset," says Yiyi Miao, chief product officer at OPSWAT. "The prevalence of email-related breaches poses a significant threat to critical infrastructure organizations, necessitating a shift to a stronger, prevention-based perimeter defense strategy against established communication and data exchange channels."

advertisement

advertisement

The bigger the firm, the greater the threat. Companies with 5,000 employees are at the highest risk.

Here are the main types of attacks:

  • Successful phishing attack: e.g., one that resulted in loss of behavior or credentials—28.6%
  • Email login credentials were compromised for Microsoft 365 — 27.8%
  • Data leakage, e.g., sensitive data was emailed to the wrong person — 22.2%
  • Successful ransomware attack that resulted in one or more endpoints being infected — 18.9%
  • An endpoint was infected with malware — 18.5%

In terms of feeling secure, things have improved in North America, where 54% of firms express low confidence versus 77% who had little confidence 12 months ago. But that’s still above the worldwide average. 

Still, North America outranks the EMEA region when it comes to compliance with email security regulations: 75% feel they comply, and 34% strongly agree. 

In contrast, 70% agree in EMEA, with 28% who strongly agree. APAC beats everyone, with 78% saying they comply, and 38% saying they strongly agree. 

The big obstacles to email security? They are:

  • Inability to find better email security technologies — 77.6%
  • Lacking the right professional skills in-house — 74.8%           
  • Lack of visibility into the threats entering the organization via email — 71.6%
  • Insufficient budget for email security solutions — 65.2%

The big threats going forward? In North America, they are:

  • Phishing attacks — 63%
  • Data exfiltration attacks — 48%
  • Attacks that seek to compromise operational technology (OT) systems — 48%
  • Zero-day malware attacks — 47%
  • Ransomware attacks — 42%
  • Attacks exploiting a zero-day vulnerability in common applications, e.g., Microsoft Office — 39%
  • Account takeover attacks — 31%

OPSWAT surveyed 250 respondents in IT and security leadership roles in March 2024. 

 

 

Next story loading loading..