Malicious email volume

The request was partially successful.

Dear British Council,

Please find below my FOI request regarding malicious emails sent to the department.

The date range for the requests is from 2018 to present day. The data shall include a breakdown by year and by individual departments (e.g. separate departments, agencies, or public bodies within the main government agency), if applicable.

1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?

Yours faithfully,
Rebecca Moody

IG_Disclosures, British Council

Reference Number: FOI_2021_93.

12/11/2021

Dear Rebecca,

Thank you for your request for information. It is being dealt with under the terms of the Freedom of Information Act 2000 and will be answered within 20 working days.

If you have any further queries please do not hesitate to contact me.

Yours Sincerely,

Michelle Essiet | Information Governance Advisor (Disclosures) | Information Security, Governance & Risk Management

[email address]

https://www.britishcouncil.org/organisat...

The British Council is the United Kingdom's international organisation for cultural relations and educational opportunities. A registered charity: 209131 (England and Wales) SC037733 (Scotland). This message is for the use of the intended recipient(s) only and may contain confidential information. If you have received this message in error, please notify the sender and delete it. The British Council accepts no liability for loss or damage caused by viruses and other malware and you are advised to carry out a virus and malware check on any attachments contained in this message.

IG_Disclosures, British Council

Case Reference: FOI_2021_93

10 December 2021

Dear Rebecca,

Thank you for your request for information dated 11 November 2021 concerning malicious emails and ransomware attacks. Your request has been handled under the terms of the Freedom of Information Act (FOIA) 2000 and has been passed to me for reply.

For your ease of reference, I have restated your request below and have provided our response beneath each point.

The date range for the requests is from 2018 to present day. The data shall include a breakdown by year and by individual departments (e.g. separate departments, agencies, or public bodies within the main government agency), if applicable.

1. How many malicious emails have been successfully blocked?
10219405
2. What percentage of malicious emails were opened by staff?
2.3%
3. What percentage of malicious links in the emails were clicked on by staff?
2.3%
4. How many ransomware attacks were blocked by the department?
13
5. How many ransomware attacks were successful?
0

I hope the information provided has been useful.

If you are dissatisfied with the handling of your request, you have the right to ask for an internal review. Internal review requests should be submitted within two months of the date of receipt of the response to your original letter and should be addressed to:

Information Governance Advisor (Disclosures)
Information Governance and Risk Management
British Council
Bridgewater House
58 Whitworth Street
Manchester
M1 6BB
Email: [email address]

If you are not content with the outcome of the internal review, you have a right to appeal to the Information Commissioner for a decision at:

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 0303 123 1113
Website: www.ico.org.uk

Yours sincerely

Lyndsey Mckenna | Information Governance Advisor (Disclosures) | Information Security, Governance & Risk Management | British Council

[email address]

https://www.britishcouncil.org/organisat...

show quoted sections

Hi Lyndsey,

Thank you very much for your prompt response.

Can I just check that the data is from 2018 to present? If so, is it possible to provide a year-by-year breakdown?

Yours sincerely,
Rebecca

IG_Disclosures, British Council

Hi Rebecca,

I can confirm that the data is from 2018 to present.

In order to provide a year-by-year breakdown I will need to treat that as a new FOI request. Do you want me to go ahead and do that?

Best wishes

Lyndsey Mckenna | Information Governance Advisor (Disclosures) | Information Security, Governance & Risk Management | British Council

[email address]

https://www.britishcouncil.org/organisat...

show quoted sections

Please, Lyndsey.

Thanks so much.

Rebecca

IG_Disclosures, British Council

Case Reference FOI_2021_100

 

Dear Rebecca,

 

Thank you for your request for information dated 22 December 2022 . It is
being dealt with under the terms of the Freedom of Information Act 2000
and will be answered within 20 working days.

 

If you have any further queries please do not hesitate to contact me.

 

Yours Sincerely,     

 

Stephen

 

Stephen Witkowski Information Governance Advisor (Archives and Disclosure)
| Information Security, Governance & Risk Management

 

[1][email address]

 

[2]https://www.britishcouncil.org/organisat...

 

 

show quoted sections

IG_Disclosures, British Council

Case Reference: FOI_2021_100

 

31 December 2021

 

Dear Rebecca

 

Thank you for your request for information dated 22 December 2021
concerning malicious emails. Your request has been handled under the terms
of the Freedom of Information Act (FOIA) 2000 and has been passed to me
for reply.

 

For your ease of reference, I have restated your request below in bold and
have provided our response highlighted in yellow.

 

Is it possible to provide a year-by-year breakdown [of malicious emails
and ransomware attacks]?

 

I can confirm that, as the logs are overwritten every ninety days, we do
not hold the information asked for.

 

If you are dissatisfied with the handling of your request, you have the
right to ask for an internal review. Internal review requests should be
submitted within two months of the date of receipt of the response to your
original letter and should be addressed to:

 

Information Governance Advisor (Disclosures)

Information Governance and Risk Management

British Council

Bridgewater House

58 Whitworth Street

Manchester

M1 6BB

Email: [1][email address]

 

If you are not content with the outcome of the internal review, you have a
right to appeal to the Information Commissioner for a decision at:

 

The Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Phone: 0303 123 1113

Website: [2]www.ico.org.uk

 

Yours sincerely,

 

Stephen

 

Stephen Witkowski Information Governance Advisor (Archives and
Disclosure)  | Information Security, Governance & Risk Management

British Council | Bridgewater House | 58 Whitworth Street | Manchester |
M1 6BB

 

T +44 (0)161 957 7403 | BCTN (Internal) 813 7403

[3][email address]

 

show quoted sections