Ofwat, the water providers regulator for England and Wales, has revealed that it has acquired over 20,000 spam and phishing emails thus far this yr.

The Water Companies Regulation Authority (higher often known as Ofwat) which is the federal government division chargeable for regulating the privatised water and sewage trade in England and Wales, stated it had acquired 21,486 malicious emails thus far this yr – with 5,149 categorized as phishing assaults.

At first look that sounds fairly dangerous for such a brief time period, particularly when you think about that Ofwat solely employs 266 folks. However is it?

Dig a little bit deeper into the story revealed in Computing and also you uncover that Ofwat says that it efficiently blocked all 21,486 of the malicious emails.

In different phrases, the quantity might have been 10 and even 100 instances bigger and it wouldn’t actually have been a lot of a problem. In any case, who actually cares simply how a lot electronic mail your servers are receiving (inside motive!) in case your safety answer operating on the electronic mail gateway is correcting junking earlier than they trouble any customers?

If something, I discover the declare that 100% of all spam and phishing emails have been blocked a little bit too good to be true.

Ofwat’s electronic mail statistics have been uncovered following a Freedom of Info (FOI) request by the Parliament Road assume tank. My hunch is that when requested to disclose what number of phishing emails and spam emails that they had acquired, they merely went to their electronic mail gateway logs and picked up the info from their anti-spam filter.

That might, in fact, let you know what number of spam and phishing emails it had accurately detected and blocked. However it wouldn’t let you know how a lot malicious electronic mail the anti-spam filter had missed, and had efficiently waltzed its means via to a consumer’s inbox.

Understanding how a lot undesirable electronic mail has been efficiently detected and blocked on the gateway would possibly enable you attempt to decide if there’s a pattern, nevertheless it doesn’t let you know how a lot is getting via.

And it’s the malicious emails that make it via to the consumer that are, in fact, the most important concern. Are we actually to imagine that no-one at Ofwat has acquired a spam message or phishing electronic mail of their inbox thus far this yr? I’d discover that extraordinary if true.

Understanding the true stage of the issue is necessary, in fact, because it helps organisations decide whether or not they’re placing sufficient assets into cybersecurity, and whether or not current measures are working efficiently.

And it’s significantly necessary when the general public faces headlines from the NCSC about the necessity to safe sensible cities, and defend crucial public providers – comparable to water – from the specter of cyber assault.

In that context it is likely to be straightforward for most of the people in England and Wales to fret concerning the tens of 1000’s of malicious emails they hear are flooding into the water regulator. However don’t neglect that Ofwat doesn’t truly management any water programs – it simply regulates the water trade.

After all, a malicious hacker who managed to penetrate Ofwat’s pc community and pose as an Ofwat worker would possibly have the ability to then ship malicious emails to corporations which work within the trade, which could have entry to such crucial programs. However that’s one additional step eliminated.

Briefly, I’m undecided whether or not we ought to be happy or not concerning the statistics gathered from Ofwat’s response to the FOI request, because it appears like we’re not getting a transparent image of what’s actually occurring. The stats make a pleasant headline, however don’t actually inform us something.

The Parliament Road assume tank has made headlines with its FOI requests prior to now. For example, earlier this yr it revealed via an identical FOI request that NHS workers had been despatched 137,476 undesirable emails (27,958 categorized as phishing emails, and 109,491 suspected of being spam) throughout 2020.

With the NHS in England using over a million folks, I’ve to be skeptical as as to if these figures – identical to these derived from Ofwat – are really consultant of the size of the issue.

It is vital for us to grasp the size of the issue going through nationwide our bodies comparable to Ofwat and the NHS, however easy counts of blocked emails muddy the waters.

Editor’s Observe: The opinions expressed on this visitor writer article are solely these of the contributor, and don’t essentially replicate these of Tripwire, Inc