Some interesting research from security outfit Proofpoint was published this morning which reveals that unsolicited email heading towards users in the UK is three times more likely to contain malicious URLs than that destined for users in the United States, or Germany, or France for that matter.
It's not, as you may think at first glance, just a matter of the UK getting more spam. The research conducted over the summer, using the US as a baseline, shows Germany getting more spam as a percentage than the UK, US and France. The prevalence of spam and malicious URLs in the total email traffic are not, Proofpoint conclude, therefore correlated. Instead, UK users are being targeted with less spam but with a higher volume of infected spam. Compared to Germany, as much as five times as high in fact. Which begs the question 'why are cybercriminals targeting the UK so relentlessly when compared to other nations?'
Kevin Epstein, VP of Advanced Security & Governance at Proofpoint, doesn't think the answer is all that difficult. If the evidence points, relative to other countries in the report, that there are a startlingly high number of targeted attacks against the UK then given the almost universal financial motivation behind them "this strongly suggests cybercriminals have found UK organizations to be an unusually lucrative target" he insists.
Not that Epstein thinks non-UK email users should be complacent about the level of risk as he says that lower phishing volumes do not appear to have translated into lower criminal impact. "Over 29 million Germans have fallen victim to cybercrime" Epstein says "that's almost 40% of the population." Indeed, Epstein reckons that, historically and taking into account a summer lull in criminal activity, the German economy is the most targeted and most affected by cybercrime worldwide when measured against gross national product. Summing up, he concludes that "the results from France, Germany and the US are not particularly low; rather, the UK is unusually high."