The National Gallery was subjected to nearly two million email cyber-attacks last year, official data received by Absolute Software has revealed. Obtained via a Freedom of Information request, the figures displayed the lengths cyber-criminals went to try and steal the personal and financial data of members of the major tourist attraction.
The gallery, which attracts over five million visitors every year, was hit by an astonishing total of 1,875,250 email cyber-attacks in 2019. These came in a variety of forms, including spam and virus attempts.
Andy Harcup, vice-president, Absolute Software, said: “It’s clear that cyber-criminals are mastering the art of malicious email attacks, designed to infiltrate the National Gallery and steal confidential data. With millions of visitors every year and tens of thousands of members, it’s vital that London’s leading tourist hotspots have the right systems in place to protect devices from infiltration.”
The charity, which is a non-departmental public body of the Department for Digital, Culture, Media and Sport, prevented a wide range of sophisticated attacks from reaching their destination. The gallery’s blocked email addresses software was able to quarantine 1,176,656 different attack attempts, while its detection software blocked 18,378 spam emails and 443,741 attempted connection emails. A further 179,844 emails were stopped under the category of anti-spoofing lockout and 10,959 were registered as manual envelope rejection. Finally, another 2810 emails were blocked under the category of Simple Mail Transfer Protocol (SMTP).
“With many major museums now closed due to the COVID-19 outbreak, it’s critical that enterprises have full visibility of the assets allocated to remote workers as well as always having control of those assets in case of the need to take action,” added Harcup.
“It is also necessary to ensure that critical end-point cybersecurity and connectivity controls such as encryption, anti-malware and VPN client software are present and connected. The ability to lock down an endpoint and ensure the safety of the data contained on it in any emergency should be a top priority for any IT team.”