LONDON -- The Water Services Regulation Authority, known as Ofwat, which regulates the private water and sewerage industry in England and Wales, has been flooded with a total of 21,486 malicious emails so far in 2021, according to official figures.
The data, obtained under the Freedom of Information (FOI) Act and analyzed by the Parliament Street think tank, comes following warnings from the National Cyber Security Centre (NCSC) that smart cities could be at risk of a devastating cyber attack, arguing that sensitive utility and transport data also needs to be secured from being stolen in large volumes.
Ofwat has only 266 employees, which suggests that the corporate email addresses are regularly bombarded with spam and phishing emails, which if successful, could cause major problems for data protection as well as productivity.
In total, 5,149 emails were marked as phishing, which tricks users and staff members into believing that the message is a legitimate request — such as an email from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
Spam emails, came in more frequently, with 16,337 emails reported as spam which could contain malware, which is software intentionally designed to cause damage to a computer, server, client, or computer network.
The highest month for spam emails was March 2021, where a total of 4,769 were flagged. The second highest was February 2021, with 4,116 spam emails flowing into recipients’ inboxes.
With phishing emails, March 2021 was the highest month, totaling 1,600, followed by February 2021 with 1,392 phishing attacks hitting the organization.
All the 21,486 malicious emails were reported as being successfully blocked by the Ofwat.
“Over the course of the pandemic, we’ve seen a huge rise in the volume and sophistication of malicious phishing emails designed to trick employees into handing over confidential data,” Cyber security expert Chris Ross, SVP International, Barracuda Networks said. “These figures are another reminder of the risks these scams pose to critical national infrastructure, such as vital utilities and transport, with hackers seeking to disrupt services, steal personal financial data as well as holding organizations to ransom.
Tackling this threat requires a concerted effort, both in terms of delivering the necessary cyber awareness training so that staff think twice before handing out critical information and having the right email protection systems in place to identify and quarantine suspicious emails before they reach the inbox of users. Additionally, organisations should ensure they have the necessary backup and recovery systems in place, to mitigate against loss or theft of data in the event of a successful ransomware attack.”
