As connected devices and systems have become more advanced, engineers in turn have become savvier about the realities of a digitally connected enterprise, especially with regard to securing their operational technology (OT) systems. Even with globally increasing cybersecurity awareness, however, organizational cybersecurity ultimately depends on each individual, especially when it comes to sophisticated phishing and ransomware risks. Recent reports from cybersecurity firms Red Sift (London, U.K.; www.redsift.com) and Dragos (Hanover, Md.; www.dragos.com) showed that major companies spanning chemicals and other critical-infrastructure sectors remain vulnerable to catastrophically disruptive cyber-attacks.
Phishing vulnerabilities
Phishing and domain-spoofing are scams (usually instigated via email) where users are tricked into exposing sensitive data or downloading malware. Red Sift surveyed 840 companies from the chemical, energy and water/waste sectors [1] about their email-security practices and found that 42% of all companies had insufficient policies in place to prevent phishing and domain-spoofing attacks, based on the established Domain-based Message Authentication, Reporting, and Conformance (DMARC; www.dmarc.org) protocol. Looking at just the chemicals sector, more than 40% of surveyed companies were considered “fully unprotected” against email cyber-threats. According to Red Sift, this lack of protection “is particularly worrying given the sensitive nature of the industry… security breaches could have catastrophic consequences.” The report further stresses that “email remains a primary attack vector for industrial espionage, with competitors seeking formulas, manufacturing processes and customer lists.”
Growth in ransomware
Similar to phishing, ransomware attacks depend on accessing and encrypting sensitive data to hold an employee, or entire organization, “ransom,” often demanding payment to release the captive data. Dragos’ Industrial Ransomware Analysis for the third quarter of 2025 [2] further underlines the complexity of email-based attacks by foregrounding the escalation of Ransomware-as-a-Service (RaaS) affiliates and initial access brokers (IABs), and the exploitation of unsecured connections between OT and information technology (IT) systems. From July to September 2025, Dragos identified 742 ransomware incidents impacting industrial organizations, which is a marked increase from the year’s first two quarters. While the volume of incidents continues to rise, the barrier to entry is reduced for new ransomware operators, which are now often aided by AI-assisted tools. Dragos’ report states that these groups’ “operations consistently targeted the IT systems that support production, logistics and engineering workflows. These groups relied on familiar initial access vectors, such as compromised credentials, access purchased from IABs and commodity phishing kits.”
With the alarming growth and maturity of cyber-threats, vigilance is crucial at all levels of any essential-services organization, especially in the wake of emerging federal regulations surrounding email authentication. For more on cybersecurity, please read the article “Securing the Industrial Edge: Protecting Legacy Systems in the IIoT Era,” pp. 35–38.
Mary Page Bailey
1. Red Sift, Over 40% of essential services companies remain vulnerable to phishing, Nov. 2025.
2. Dragos, Industrial Ransomware Analysis, Q3 2025, Dec. 2025.