The U.K. Government’s massive jump in email-based cyberattacks far outpaces even the most aggressive phishing or spam growth numbers seen this year.
If you were a cybercriminal and wanted to go “where the money is”, what better target than to go after the part of the government responsible for managing the pensions of hundreds of thousands of U.K. residents.
In a recent Freedom of Information request, the U.K. government agency The Pensions Regulator (TPR) provided details around the number of emails blocked due to spam, phishing, and malware risks.
In 2018, TPR encountered just under 139,000 emails that fit the criteria. In 2019, that number jumped to a whopping 344,000! This jump of more than double the 2018 number isn’t seen in any other year-over-year trend reporting. It demonstrates the power of targeted efforts by cybercriminals to attack a single organization.
If cybercriminals had been successful, they could have gained access to internal systems, diverting funds to criminal-controlled bank accounts. They also could have impersonated pensioners, employees, or partners to similarly commit fraud. They also could simply look to steal all the pensioner contact information and use it as part of a credential theft phishing attack.
No matter the threat action, the risk was – and is – real for TPR.
While it appears that TPR is having success in stopping a material number of potential attacks with the security solutions it has in place, we’re hearing about one-fifth of phishing attack URLs not being detected as such. This is cause for concern for TPR and other organization like it that manage hundreds of thousands of accounts and billions of dollars in funds. Elevating the security-mindedness of employees via Security Awareness Training is a prudent step for such organizations. With this training, employees become a part of the defense – in the same way that you can spot a potentially malicious email a mile away, they will be able to as well.
Even if your organization doesn’t have anything to do with financial accounts, it still houses customer lists, bank accounts, and valuable data – all things the bad guys would love to get their hands on. Think about adding this needed layer of protection.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
