Over 126 million malicious emails have been fired at House of Commons (HoC) inboxes this year, a 358% increase on the total figure for 2020, according to new figures from Parliament Street.
The think tank obtained Freedom of Information (FoI) data from the UK parliament’s lower house, revealing a significant increase in potential threats over recent years.
The number of emails blocked by HoC filters in 2018 was just 15.7 million in 2018, nearly doubling to hit 30.3 million in 2019, but then dropping again to almost 28 million in 2020.
With 126.4 million malicious emails recorded up to September this year, Parliament Street reckons the total for 2021 could reach as high as 150 million.
However, there are no data on how many if any threats slipped past filters during this time.
Chris Ross, SVP international at Barracuda Networks, argued that the uptick in threats this year could result from attackers trying to target remote working civil servants via cloud infrastructure.
“All it takes is for one well-placed email to be mis-clicked before an entire organization is facing a severe breach of customer or company information, or even being held to ransom,” he added.
“Our analysis from 2020 revealed that public sector organisations are one of the biggest targets of ransomware attacks due to the sensitivity of the information stored on its servers, combined with the inherent weaknesses in some of their department’s security protocols.”
Tessian CEO, Tim Sadler, blamed phishing for the surge in email threats.
“Remote work meant employees were more reliant on email to stay connected with colleagues while verifying the legitimacy of an email became more difficult. It just takes one email to slip through the cracks, and one employee to fall for the scam to cause a serious security incident,” he argued.
“So, as phishing attacks continue to rise and become more sophisticated, businesses must empower people to be more resilient to these threats – providing them with the tools and knowledge they need to spot the scams and avoid falling victim – wherever they choose to work.”
The only major cyber incident in the Commons that led to compromised inboxes in recent years was an Iranian state-sponsored effort in 2017. However, even here, only 1% of 9000 inboxes were affected.