More than 746,000 phishing emails pretending to come from the NHS were blocked in just one month in 2017, it revealed in a new report that crunched the numbers from the cyber-defence programme’s first year.
The proportion of global phishing attacks affecting the UK has consequently fallen from 5.3% to 3.1%.
Some 121,479 UK-hosted phishing sites were taken down last year. Three-quarters of UK government-related phishing sites were taken down in 24 hours.
Disguised as legitimate emails from trustworthy organisations, phishing emails are designed to deceive recipients into disclosing sensitive information or opening malicious email attachments that install malware on their computers.
The cyber-defence programme introduced various security scanning systems to perform millions of tests on government websites and emails being sent to and received from government networks.
But Rob Wilkinson, corporate security specialist at cybersecurity company Smoothwall, said the success had made only a dent in the problem.
“On a bigger scale, attacks by foreign countries and governments are usually the ones that make the headlines in the UK. But in fact, it is usually the smaller, more common and far more infectious malware and phishing cyber attacks that cause the most damage to the population as a whole.
“The ‘Great British Firewall’, as it has been dubbed in a report released by the GCHQ today, is said to have prevented 54 million online attacks in the UK alone last year – but when you consider that their ‘active defence programme’ has led to only a 2% reduction, the scale of the problem is there for all to see.”
He has the following advice for organisations: “While the government is certainly best equipped to tackle many of the online threats in 2018, there is a case to be made for many companies and institutions training their staff to know how to recognise signs of a cyber attack.
“Businesses should already have the latest defence systems in place to combat cyber attacks in the form of ongoing threat monitoring.
“However, an added layer of protection in the form of employee training is a surefire way of keeping workers – and the companies which they are employed by – safeguarded from malicious attempts at stealing sensitive information, infiltrating systems and generally causing chaos.”
Part of GCHQ, the National Cyber Security Centre was opened in early 2017 to offer advice to both citizens and organisations on how to protect themselves against hacks and data breaches.
