UK government employees are targeted with billions of malicious emails every year and may have clicked on tens of thousands of suspicious links, according to Comparitech.
The tech comparison firm received answers from 260 government organizations to which it submitted freedom of information (FOI) requests.
From these, it then calculated that 764,331 government employees ‘received’ a total of nearly 2.7 billion malicious emails in 2021 – amounting to an average of 2399 each. Comparitech clarified to Infosecurity that by ‘received’ it meant the emails were identified by the organizations in question, and therefore likely blocked.
On average, 0.32% of malicious emails were opened by staff in 2021, and 0.67% of these incidents resulted in employees clicking through on potentially malicious links, the report claimed.
Comparitech calculated that this could mean as many as 57,736 suspicious links were clicked on last year by UK government employees. The firm again clarified that it discounted any FOI answers which weren’t clear in order to reduce the chances of over-estimating this figure.
When assessed per employee, it appears that NHS Digital recorded the highest number of malicious emails for 2021 (89,353), followed by the government of Northern Ireland (34,561) and the Financial Reporting Council (25,992).
Elsewhere, the researchers’ attempts to better understand the ransomware threat to the government were limited by a lack of transparency from respondents.
“In 2021, one government department revealed it had detected 97 ransomware attacks in just 30 days (none of which were successful),” explained Comparitech’s Paul Bischoff.
“Seventy-one government departments were also happy to report that they hadn’t suffered a ransomware attack in 2021 (the remainder – 187 – didn’t disclose whether they had or not). Only two government organizations revealed that they had suffered a successful ransomware attack in 2021.”