Staff at the Student Loans Company (SLC) have completed almost 20,000 cybersecurity training courses in the last two financial years (FY), according to data obtained via a Freedom of Information (FoI) request submitted by Griffin Law.
A total 9,334 programmes were completed in FY 19/20, followed by 10,142 cybersecurity course completions in 20/21. With a workforce that is just over 3,300 strong, many SLC staffers have attended multiple training programmes.
The organisation has spent more than £76,800 on cybersecurity education for employees over the two years, coaching them in specialist areas such as phishing, password protection, bribery, corruption, and privacy standards.
The news comes days after the National Cyber Security Centre (NCSC) published an alert in response to a surge in ransomware targeting the education sector (4 June). The warning notes that the NCSC is investigating another increase in attacks as of late May/June this year. The alert was first issued in September 2020, before being updated again in March this year.
On the upswing of cyber-attacks across education institutes, Edward Blake, area vice-president of Absolute Software, commented: “The education sector is a top target for hackers, who are undoubtedly looking to seize control of the goldmine of invaluable information stored on its servers. What’s more, with remote learning still in force, there will be more devices on the move than ever before, creating the perfect opportunity for device theft and cyber breaches.”
In other news: App builders boosted by new Apple tools and technologies
The ‘Anti-Money Laundering’ programme spurred the biggest uptake among SLC staff across both years, with 3,321 taking part in FY 19/20, and 3,249 in FY 20/21. ‘Counter Fraud and Bribery Corruption’ proved to be the second-most popular training stream, with 3,044 participating in FY 19/20 and 3,215 in 20/21. ‘Protection Information’ came in third, drawing 2,941 employees in FY 19/20 and 3,181 the following year.
The ‘Role of the Security Manager Security Masterclass’ increased in demand between the two years, drawing 142 total attendees in FY 20/21 compared to just 20 the previous year.
The remaining courses were only offered in the most recent FY, including: ‘Defending SLC from Phishing Attacks’, with 63 participants; ‘Power to your Passwords’, with 72 attendees; ‘Working from Home Securely’, which drew 189 staff members. Uptake in these programmes was likely influenced by the pandemic.
Thirty-nine of the participants recorded in the data were training for specific full-time roles in the SLC’s Technology Group Security Team, and Information Governance and Compliance Team. This included, among other things, training to become a CompTIA cybersecurity analyst, an AWS security engineer, and a certified information privacy manager.
Chris Ross, security expert and senior vice-president at Barracuda Networks, said it’s “encouraging to see the SLC making a proactive effort to equip and train its employees with the latest cybersecurity skills, especially given the high volume of financial data it is tasked with managing”. Ross added that it’s important for such training investments to be supported by systems that can “identify and quarantine malicious attacks before they reach the inbox of employees”, on top of having the necessary “backup systems in place in the event of a ransomware attack”.