It has been revealed that the UK’s Cabinet Office has boosted its cyber security spending by almost 500% in the most recent financial year (2020-21), splashing out £274,000 on training for staff including ethical hacking, digital forensics and cyber skills.
The revelations came amidst a series of security issues plaguing Whitehall, including CCTV being leaked by a whistleblower of former Health Secretary, Matt Hancock, embracing his aide during a period of social distancing. The data has been obtained by the Parliament Street think tank following a Freedom of Information (FOI) request.
The Cabinet Office, which is run by Michael Gove MP, and his close team of special advisers, is responsible for supporting the Prime Minister and Cabinet of the UK.
The full FOI response included a complete breakdown of the courses attended by Cabinet Office staff and revealed that 428 separate cyber training courses were booked in the period, compared to just 35 in the Financial Year of 2019-20.
By far the most popular course, which received 332 bookings, was for NCSP Foundation e-Learning – this course provides introductory level training on how to prevent, detect and respond to cyber-attacks.
The second most popular course was for a Foundation Certificate in Cyber Security, attended by 33 staffers in FY 20-21. 33 employees also attend this course in FY 19-20.
Some other cyber training courses attended during the year included training in ‘the art of hacking’, attended by 12; ‘digital forensics fundamentals’, attended by two; ‘ethical hacking’, attended by one. Also, four staffers underwent training to become a certified Lead Auditor, and one joined a ‘CyberSec First Responder’ course.
Cyber expert Andy Harcup, Senior Director at Gigamon, said: “The Cabinet Office is tasked with managing some of the most sensitive data imaginable, so increasing cyber training and resources is a wise move, particularly with hackers relentlessly targeting government departments. However, far too many public sector organisations continue to operate without full visibility into network traffic, making it harder to spot hostile threats and take action before the damage is done.
“Large organisations with overstretched IT teams require complete visibility in order to manage complex cloud environments as well as identifying security threats to keep critical data safe, so taking action in this area must be a top priority.”
In addition to the spending increase, the UK Cyber Security Council has recently launched its first two initiatives to help develop the profession under its mandate from the Government to develop the sector.
The Council has invited the 16 members of the Cyber Security Alliance – the group of organisations commissioned by DCMS to set up the Council – to apply for a role in determining the terms of reference for two significant, new committees: a Professional Standards & Ethics Committee and a Qualifications & Careers Committee.
Security specialist Edward Blake, Area Vice President EMEA, Absolute Software said: “It’s encouraging to see the Government levelling up its cyber defences, particularly at a time when recent CCTV leaks are raising fresh questions about security standards across Whitehall. In addition to training staff with the latest cyber skills, it’s also critical to ensure government devices containing confidential data like laptops are properly protected, so they can be tracked, wiped or frozen in the event of loss or theft. Additionally, staff should be urged to report incidents of data loss or suspected hacking with immediate effect so action can be taken to recover or remedy the situation.”
