Security by Sector: 148% Increase in Cyber-Attacks on The Pensions Regulator in 2019

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

The pensions sector came under increased attack by cyber-criminals in 2019 with The Pensions Regulator (TPR) hit by 343,867 incidents of email phishing, malware and spam, according to official data released by think tank Parliament Street.

TPR aims to protect the UK’s workplace pensions and is sponsored by the Department for Work and Pensions. It ensures that employers, trustees, pension specialists and business advisers can fulfil their duties to scheme members.

TPR servers hold large amounts of sensitive customer data relating to pension schemes, and so are an attractive target for cyber-criminals looking to take advantage of such information. It is therefore concerning to see that the amount of email attacks TPR suffered in 2019 marked an increase of 148% from 2018, when it received a total of 138,834.

Chris Ross, SVP, Barracuda Networks, said: “Organizations which manage high volumes of personal financial information are seen as a top target for opportunistic cyber-criminals. With this in mind, it’s no surprise to see that email attacks on The Pensions Regulator are on the rise.

“All it takes is for one employee to fall victim to a single, sophisticated scam email and the entire organization could be at risk of a major data breach.”

Tackling this challenge requires investment in the latest cyber-skills training, ensuring that every single employee is digitally adept and able to identify and report suspicious communications, added Jonathan Young, CIO, FDM Group.

“It’s also important to end the inherent blame culture, which often leaves employees reluctant to report mistakes due to fear of the consequences,” Young said.

“Additionally, employers should look to increase digital skills within the wider workforce, hiring in those with the necessary IT qualifications and ensuring existing workers are given access to the necessary refresher courses to develop their skills. Above all, staff should be treated as an IT security asset, rather than a risk.”

What’s Hot on Infosecurity Magazine?