Locks and Security News: your weekly locks and security industry newsletter
19th January 2022 Issue no. 590
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Government Actuary's Department hit by an average of 24,740 malicious emails every month
The UK Government Actuary's Department (GaD) has been hit by an average of 24,740 malicious emails a month. The data, obtained and analysed by a Parliament Street think tank via a Freedom of Information (FoI) act request, revealed that a total of 74,221 malicious emails, including phishing, malware and spam had been sent to the GaD over July, August and September 2021.
The Government Actuary's Department provides actuarial solutions including risk analysis, modelling and advice to support the UK public sector. GaD has about 200 employees across two offices - London and Edinburgh - of whom around 165 are actuaries and analysts.
The majority of threats received by GaD were spam emails, with 38,653 attacks. In the three-month period, there was also 35,497 phishing attacks and 71 malware or virus emails in circulation.
The total amount of phishing attacks decreased over the three-month period. In July, a total of 15,233 phishing attacks came through. In August, this number reduced to 12,111 attacks and in September, the figure lessened again, to 8,153 phishing attacks.
On average, there were 12,884 spam emails at GaD across the three months. These emails could download viruses onto staff computers, and steal passwords and personal information.
The government is investing heavily in its IT infrastructure - to the tune of almost five billion pounds annually. The Department for Business, Energy & Industrial Strategy (BEIS) alone spent almost two million pounds on laptops and smartphones last year. Some 1,216 mobiles were issued to departmental staff in 2020, with 1,557 computers or laptops also added to circulation.
Tim Sadler, CEO and co-founder of Tessian comments:
"The number of phishing attacks organisations have to deal with is relentless. Phishing is one of the easiest ways for cybercriminals to hack into a company - and they just need one distracted or tired employee to miss the cues of an attack in order to be successful.
"While it's encouraging to see that the government is investing heavily in IT infrastructure to support workforces, they must also address whether robust security measures are in place to protect their employees - i.e. the people actually working from the devices. Failure to do so means that the risk of security incidents caused by human error - like falling for a phishing scam - will only continue to rise."
24th November 2021