Department for Education boosts cyber training in major security revamp
The Department for Education overhauled its security investment in the most recent financial year (FY 20-21), by increasing security courses on offer to staff from four to 44. Additionally, course participants surged from just under 7,000 in FY 19-20, to over 30,000 this year, a 329% increase.
These figures were obtained under the Freedom of Information act and analysed by a Parliament Street think tank. The data also revealed that total cyber training spend increased from £1,996 in FY 19-20, to £31,960 in FY 20-21, which is an increase of over 1,400%.
A majority of the course attendees completed a series of basic cyber security e-learning sessions, including a simulated cyber attack course with remedial phishing training. These courses were attended by 23,419 total participants, however this figure does not reflect the total number of individual staff members, as it’s possible that multiple staff members participated in multiple sessions.
Many of the e-learning courses were free-of-charge to the Department for Education, as they were part of the Department’s overall arrangement with Civil Service Learning or was carried out using internal DfE tools and resources. The second most popular e-learning training course was ‘Reporting Phishing’, which educated staffers on how and when to report suspicious emails.
The Department for Education also spent over £30,000 on 17 specialised training courses and exams for some of its staffers – these included courses on Information Systems, Security Risk Management and Microsoft 365 Fundamentals. Many of these paid for training sessions led to official qualifications for staffers, such as the SABSA Chartered Security Architect Foundation Certificate, PRINCE 2 Agile Foundation & Practitioner Certificates in Agile Project Management, and Cisco Certified Network Associate.
For comparison, just two specialised training courses were undertaken by staffers in FY 19-20 including Certified Information Security Manager training course, and the CompTIA Security+ exam qualification.
Edward Blake, area vice president EMEA, for Absolute Software commented: “The Department for Education’s boosted investiture into staff training likely reflects a positive attempt to combat surging cyber threat levels targeting the education sector in the wake of the pandemic and remote learning.
"Many public sector organisations are afflicted with a widening digital skills gap, and it’s encouraging to see significant investment into security training to try and turn a major weakness into a strength. This investment is particularly important as services become increasingly digitalised and thus cyber threat levels targeting staffers, students and alumni is likely to continue its skyward trajectory, even as the pandemic subsides.”