Growing call for cyber security training in UK education sector

Recent insights from Ofqual, the body responsible for overseeing qualifications and assessments in England, have drawn attention to the pressing necessity of integrating cyber security training within the educational sector. This development underscores an increasing recognition of the cyber threats facing various sectors, not only education but also healthcare and transport.

Andrew Rose, Chief Security Officer at SoSafe, highlighted the importance of a balanced approach to cyber security. Having amassed over 25 years of experience across numerous prominent institutions, Rose underscored that effective cyber protection requires a blend of technological enhancements and human-centric strategies. He stated that by prioritising human risk management, which involves changing awareness, behaviour, and culture, organisations can significantly reduce cyber risks. This approach, according to Rose, is more cost-effective and robust than relying solely on technological upgrades. "A resilient and proactive security posture cannot be achieved by technology alone," he emphasised.

As Cybersecurity Awareness Month commences, Jon Fielding, Managing Director for EMEA at Apricorn, echoed similar sentiments by pointing out the critical need for continuous vigilance in cyber security processes. He noted that, despite the urgency for robust cybersecurity measures, the topic is frequently approached as a mere formality, especially in environments where financial resources are constrained. Fielding pointed out that insider threats, whether malicious or unintentional, pose significant risks and that a culture embodying transparency and accountability is vital to empowering employees to actively participate in safeguarding data.

Fielding further remarked on the inevitability of cyber breaches, stressing that organisations should invest beyond preventive measures. He advocated for strong incident response plans, supported by comprehensive data backup strategies. With reference to the ransom attack on UnitedHealth earlier this year, he highlighted how insufficient backup processes could lead to dire consequences, underlining that regular data backups are not just a best practice but a necessity. Apricorn's own survey revealed that only 25% of organisations were able to fully recover their data following a breach, illustrating the crucial need for a robust backup strategy adherent to the '3-2-1 rule'. This rule involves maintaining at least three data copies stored on different media, including one offsite, ensuring continuity in case of an incident. Fielding concluded that such protective measures could mean the difference between a minor disruption and a catastrophic failure.

The recent updates and perspectives from sector experts like Andrew Rose and Jon Fielding underscore a common theme—while technological advances are vital in the combat against cyber threats, significant emphasis must be placed on human intervention and strategic planning. Both education on risks and effective response strategies are essential for minimising potential threats and ensuring data security across industries.