Home>Security>Cyber Crime>The Pensions Regulator hit by 148% increase in cyber attacks

The Pensions Regulator hit by 148% increase in cyber attacks

05 March 2020

The Pensions Regulator (TPR) was targeted by a total of 343,867 phishing, malware and spam email attacks in 2019, according to official data released by a Parliament Street think tank.

In 2018, TPR was the target of a recorded 138,834 email attacks, noting a percentage increase of 148 per cent (147.6) in just one year.
The data, obtained via the Freedom of Information (FOI) act, also revealed a breakdown of malware, phishing and spam attempts. In 2018, TPR blocked 127,664 spam emails and 11,170 malware and phishing emails. In 2019, TPR recorded 57,977 spam emails, 735 malware or phishing emails and a further 285,155 were blocked due to spam, phishing or malware risk, but were not categorised.
TPR is the UK regulator of work-based pension schemes. It is sponsored by the Department for Work and Pensions and works with trustees, employers, pension specialists and business advisers, giving guidance on what is expected of them. It is possible their servers contain sensitive customer information relating to pension schemes, which could be taken advantage of by a successful or sophisticated cyber attack.
Of the malicious emails which targeted TPR, phishing and malware were the least common but have the potential to be the most harmful. Phishing emails involve fraudulent activity designed to induce individuals to reveal personal information such as passwords and payment details; malware emails include a programme which is harmful to a computer. Spam emails are common and often quite easy to detect – they are quite simply unsolicited emails, often for the purpose of marketing or for phishing attempts or spreading malware.
Chris Ross, SVP, Barracuda Networks, said: “Addressing this threat requires investment in the necessary email protection software to efficiently block all incoming spam and malware, but also, help flag and protect against phishing and spear-phishing attempts. 
"These email attacks are often very realistic and can easily trick employees into handing over sensitive information, such as passwords, PIN numbers and other personal data. It’s also vital to ensure that all staff are properly trained to be aware of these threats and to think twice before entering data.
All it takes is for one employee to fall victims to a single, sophisticated scam email and the entire organisation could be at risk of a major data breach.”