Many companies in the vital sector have poor email security against cyber criminals. The companies that are not in order include the nuclear power plant in Borssele, Air Traffic Control the Netherlands and water and energy companies. Safety regions are also failing in the field of cyber security.
This is evident from a study by Zembla. The editors of the TV program investigated this together with the Internet Cleanup Foundation. Looking at the mail servers of a hundred organizations in the vital sector has shown that things are not in order.
This research examined whether the companies meet the criteria and advice of the Standardization Forum and the National Cyber Security Center (NCSC). The advice they give is an implementation and strict configuration of the dmarc, dkim and spf email security standards.
The research concluded that 57 out of 100 companies have implemented and properly configured the recommended security standards. The other 43 organizations were missing at least one of the three safety standards.
As a result of this research, 34 of the 43 companies that do not have cyber security in good order indicated that they will tighten this up further.
The nuclear power plant in Borssele (EPZ) acknowledges that email security is not optimal, but says that it can nevertheless 'provide good resistance to cybercrime and monitor this permanently'. EPZ is further tightening email security. Other companies, such as those in the aviation sector, issued similar responses to the discovered vulnerabilities.
The most striking thing is that safety regions scored poorly in the survey. This while last year two security regions, North and East Gelderland, were hit by ransomware attacks.
Of the 25 regions, 13 had insufficiently protected their e-mail against phishing, even though this is mandatory for them as a government organization. They responded with 'Improvement takes time'. The security regions say that they are dealing with a 'complex ICT landscape' after the organizations' systems have been merged.
Does your company also have insufficient measures against email forgers? Please contact us and we will be happy to help you with this.
Source: Computable