The Government Actuary’s Department has been hit by an average of 24,740 malicious e-mails every month. Data obtained and analysed by the Parliament Street Think Tank via a Freedom of Information request has revealed that a total of 74,221 malicious e-mails, including phishing, malware and spam, had been sent to the Government Actuary’s Department across July, August and September this year.
The Government Actuary’s Department provides actuarial solutions including risk analysis, modelling and advice to support the UK’s public sector. Government Actuary’s Department plays host to circa 200 employees across two offices – in London and Edinburgh – of whom around 165 are actuaries and analysts.
The majority of threats received by the Government Actuary’s Department were spam e-mails, with 38,653 attacks of this nature. In the three-month period under examination, there were also 35,497 phishing attacks and 71 malware or virus e-mails in circulation.
The total amount of phishing attacks decreased over the three-month period. In July, a total of 15,233 phishing attacks came through. In August, this number reduced to 12,111 attacks and, come September, the figure lessened once again to a total of 8,153 phishing attacks.
On average, there were 12,884 spam e-mails received across the three months. These e-mails have the potential to download viruses to staff members’ computers and steal passwords and personal information.
IT infrastructure investment
The Government is investing heavily in its IT infrastructure to the tune of almost five billion pounds on an annual basis. The Department for Business, Energy and Industrial Strategy alone spent almost two million pounds on laptops and smart phones last year. Some 1,216 mobiles were issued to departmental staff in 2020, with 1,557 computers or laptops also part of the mix.
Tim Sadler, CEO and co-founder of Tessian, commented: “The number of phishing attacks that today’s organisations have to deal with is relentless. Phishing is one of the easiest ways for cyber criminals to hack into a company. They just need one distracted or tired employee to miss the cues of an attack in order for it to be successful.”
Sadler continued: “While it’s encouraging to see that the Government is investing heavily in its IT infrastructure to support the workforce, it must also address the issue of whether or not robust security measures are in place to protect employees. In short, the people actually working from the devices. Any failure to do so means that the risk of security incidents caused by human error, such as falling for a phishing scam, will only continue to rise.”