UK Government Staff Hit with Billions of Malicious Emails in 2021


UK government employees are targeted with billions of malicious emails every year and may have clicked on tens of thousands of suspicious links, according to Comparitech.

The tech comparison firm received answers from 260 government organizations to which it submitted freedom of information (FOI) requests.

From these, it then calculated that 764,331 government employees ‘received’ a total of nearly 2.7 billion malicious emails in 2021 – amounting to an average of 2399 each. It’s unclear how many of these actually made it into inboxes.

On average, 0.32% of malicious emails were opened by staff in 2021, and 0.67% of these incidents resulted in employees clicking through on potentially malicious links, the report claimed.

Comparitech calculated that this could mean as many as 57,736 suspicious links were clicked on last year by UK government employees. However, many of the 2.7 billion emails it extrapolated this figure from may have been blocked outright, which would significantly reduce that click-through number.

In fact, it admitted that higher figures for malicious emails ‘received’ don’t necessarily mean the departments in question are bigger targets for hackers; it could instead be that their systems are better at filtering out suspect messages.

When assessed per employee, it appears that NHS Digital recorded the highest number of malicious emails for 2021 (89,353), followed by the government of Northern Ireland (34,561) and the Financial Reporting Council (25,992).

Elsewhere, the researchers’ attempts to better understand the ransomware threat to the government were limited by a lack of transparency from respondents.

“In 2021, one government department revealed it had detected 97 ransomware attacks in just 30 days (none of which were successful),” explained Comparitech’s Paul Bischoff.

“Seventy-one government departments were also happy to report that they hadn’t suffered a ransomware attack in 2021 (the remainder – 187 – didn’t disclose whether they had or not). Only two government organizations revealed that they had suffered a successful ransomware attack in 2021.”

Infosecurity has asked for more clarity on the report’s methodology.


