The Student Loans Company (SLC) has spent over 76,800 pounds on cyber security training for its staffers, over the two most recent financial years (FY 19/20, FY 20/21), according to official figures. The data obtained and analysed using the Freedom of Information (FOI) Act by Griffin Law, the niche litigation practice, shows that nearly 20,000 specialist courses were completed in areas, such as phishing, password protection, bribery, corruption, and privacy standards. The data shows that 9,334 cyber courses were completed in FY 19/20, with 10,142 courses completed in FY 20/21. The SLC has just over 3,300 staff, meaning many participants attended multiple courses. Ransomware threat for UK Education Sector The most popular course across both years was for ‘Anti-Money Laundering’ This news arrives just a few days after the National Cyber Security Centre raised a new cyber alert around the surging ransomware threat, facing the UK Education Sector. The most popular course across both years was for ‘Anti-Money Laundering’, which saw 3,321 participants in FY 19/20, and 3,249 participants in FY 20/21. The second most popular course was for ‘Counter Fraud and Bribery Corruption’, drawing in 3,044 attendees in FY 19/20 and 3,215 participants in FY 20/21, and the ‘Protection Information’ course was attended by 2,941 and 3,181 staffers, respectively, across both years. Cyber security training courses Another course, the ‘Role of the Security Manager - Security Masterclass’, surged from 20 attendants in FY 19/20 to 142 in FY 20/21. Most of the remaining courses were only introduced to staffers in the most recent financial year. These include: ‘Defending SLC from Phishing Attacks’ course, attended by 63 participants; ‘Power to your Passwords’ course, attended by 72 participants; and ‘Working from Home Securely’ course, attended by 189 participants. These courses were most likely influenced by the COVID-19 pandemic. Technology Group Security Team Finally, 39 of the recorded participants were training for specific full-time positions in SLC’s Technology Group Security Team and Information Governance and Compliance Team. This included training to become a CompTIA Cyber Security Analyst, an AWS Security Engineer and Certified Information Privacy Manager, among others. Interestingly, the role-specific training took up most of SLC’s cyber training budget, costing them 52,493.50 pounds, out of the total 76,800 pounds budget expenditure. Rise in cyber threats during COVID-19 period The cyber threat facing employees has surged over the course of the COVID-19 pandemic" Security expert Chris Ross, Senior Vice President at Barracuda Networks commented, “The cyber threat facing employees has surged over the course of the COVID-19 pandemic. Our own research even revealed a disproportionate quantity of email phishing attacks targeting organisations in the education sector, in an effort to steal personal data, while millions are forced to work and learn from home. This threat has also been exacerbated by the cyber skills gap across the UK, with a widening shortage of certified security professionals leaving many organisations vulnerable to the surging cyber threat levels.” Chris Ross adds, “It is encouraging to see the SLC making a proactive effort to equip and train its employees with the latest cyber security skills, especially given the high volume of financial data it is tasked with managing. This effort must be supported by the necessary cyber protection systems to identify and quarantine malicious attacks, before they reach the inbox of employees, as well as having the right backup systems in place, in the event of a ransomware attack.” Importance of Security Awareness Training Cyber expert, Tim Sadler, the Chief Executive Officer (CEO) at Tessian stated, “Whilst Security Awareness Training is extremely important, it is just as important that organisations understand exactly how to implement it, so that it is effective, addresses the right issues, and is not forgotten. Too many security training sessions today are tick box sessions designed to appease shareholders, regulators and customers.” Tim Sadler adds, “This is why businesses must ensure that they adopt a new approach, one that is automated, in-the-moment, and long lasting, with training, which is tailored to each user and addresses specific security weaknesses, effecting a user or a business.” Securing the education sector from cyber attacks Edward Blake, Area Vice President for Absolute Software, stated “The education sector is a top target for hackers, who are undoubtedly looking to seize control of the goldmine of invaluable information stored on its servers. What’s more, with remote learning still in force, there will be more devices on the move than ever before, creating the perfect opportunity for device theft and cyber breaches.” Edward Blake adds, “As well as security training, all potential targets in the education sector, including staffers and students, must equip their devices with resilient end point security software that allows an allocated security officer to freeze, control or lockdown any breached devices, so that a stolen device does not necessarily equate to a breach of data.”
Human Layer Security company Tessian announces that it has raised $65 million in Series C venture capital funding to accelerate its mission of quantifying and preventing human risk in global enterprises, and empowering people to do their best work without security getting in the way. The round is led by March Capital, a venture-growth firm which has previously invested in cybersecurity unicorns such as CrowdStrike and KnowBe4. Existing Tessian investors Accel, Balderton Capital, Latitude and Sequoia Capital also participated in the Series C funding round, along with new investor Schroder Adveq, bringing Tessian’s total funding to-date over $120 million. The deal values Tessian at $500 million. Tessian is pioneering a new approach to cybersecurity and defining a new category of security software called Human Layer Security. Today, 90% of today’s data breaches are caused by some form of human error because, for decades, cybersecurity software has focused on the machine layer of an organisation and not the most vulnerable asset: the people. Behavioural Intelligence Models While organisations have traditionally relied on training programs or restricting people’s access to data and systems to overcome the so-called “people problem” in security, Tessian uses machine learning to stop data breaches and security threats caused by human error - without disrupting employee workflow. It builds Behavioural Intelligence Models, tailored to every employee, by analysing individuals’ communication patterns and behaviours online. Tessian uses the models to automatically detect security threats and prevents them from turning into breaches by notifying the employee of the risk in the moment. Over time, these alerts help employees improve their security behaviours. Tessian uses the models to automatically detect security threats and prevents them from turning into breaches Today, Tessian secures people on email - where they spend over 40% of their time at work - and automatically prevents threats such as phishing, business email compromise, data exfiltration and accidental data loss. After deploying Tessian, enterprises see, on average, an 84% reduction in data exfiltration and phishing simulation click-through rates drop to less than 1%. Human-activated security risks The need for greater visibility of human-activated security risks, and mitigations of these threats, was brought into sharp focus last year following the shift to remote work. Research revealed that employees were less likely to follow safe data practices when working from home, while the number of phishing attacks doubled in 2020. In fact, in the last year, Tessian tripled its Fortune 500-level customer base as enterprises required a solution that could protect them against human layer security threats. Tessian now has approximately 350 global customers across the legal, financial services, healthcare and technology sectors including Affirm, Investec and RealPage. One customer, Tim Fitzgerald, CISO at Arm said, “The security of our operations and data is paramount to the success of Arm, and we’re committed to empowering our people to make sound security decisions while doing their jobs effectively. The concept of human layer security is becoming a critical part of doing business today.” “Tessian enables us to reduce risk across the organisation by providing valuable tools and knowledge to not only stop threats like advanced phishing attacks and accidental data loss, but also continually improve the security behaviours of our teams as the threat landscape evolves.” Data loss prevention solutions With the new funding, Tessian will expand its platform’s capabilities, helping companies replace their secure email gateways and legacy data loss prevention solutions, and will soon expand beyond email to secure other interfaces like messaging, web and collaboration platforms. Tessian will also use the funding to triple its rapidly growing employee base, with a particular focus on growing its sales team in North America. Human activity, whether inadvertent or malicious, is the leading cause of data breaches" Jamie Montgomery, Co-Founder and Managing Partner at March Capital said, “Human activity, whether inadvertent or malicious, is the leading cause of data breaches. In Tessian, we found a best-in-class solution that automatically stops threats in real-time, without disrupting the normal flow of business. It is rare to hear such overwhelmingly positive feedback from CISOs and business users alike. We came to the same conclusion; Tessian is rapidly emerging as the leader in human layer security for the enterprise.” Series C Tim Sadler, Co-Founder and CEO at Tessian said, “In the same way we have firewalls to secure networks, and endpoint detection and response platforms to secure devices, enterprises now need advanced security technology to secure their people.” “People make 35,000 decisions every day; it just takes one wrong decision or one instance of human error for an employee to cause a catastrophic security breach. We’re tackling the biggest threat to enterprise security, and are thrilled to partner with March Capital on our Series C and have them join our mission to secure the human layer.” Tessian’s funding announcement closely follows the news that Ramin Sayer, CEO and President of Sumo Logic, has joined Tessian’s Board of Directors.