UK Student Loans Company In The Crosshairs

Cyber criminals used a range of techniques, as well as malware, malicious emails and calls, in attempts to access confidential financial data belonging to students, in massive uptick in attacks in the past year. The UK Student Loans Company (SLC) was hit by nearly a million cyber-attacks in the past year, according to official figures.

In data released under Freedom of Information (FoI) legislation, The SLC revealed it was targeted in 965,639 attempts to infiltrate its systems in the 2017/18 financial year.

The findings, collated by the Parliament Street think tank, discovered these attacks were up from just three attempts in financial year 2015/16 and 95 in 2016/17, an increase of nearly 322,000 times in just two years.

The financial services and heath care sectors are among the most highly targeted sectors because of the rich set of personal and financial data they hold, which cyber attackers can use to steal money and commit other crimes.
 
Out of the attempts for the last financial year, only one attack was successful in breaching the system, according to the SLC. The company also reported 323 instances of malware and 235 malicious emails or calls in addition to the nearly one million “cyber-attacks”. Of those attempts, the SLC said 127 were not blocked, but dealt with as incidents. This number also contains the blocks at the perimeter, which is why it is significantly larger than previous years.

The number of Malware attempts was highest in 2016/17 at 1015 with 81 reports of malicious emails or calls.

Terry Ray, senior vice-president, at security firm Imperva, said it is no surprise that cyber criminals are relentlessly targeting the personal financial details of students, putting the wellbeing of tens of thousands of individuals at risk.

“Tackling this problem means investing heavily in the latest cyber security measures, to keep hackers out and limit the risk of a major data breach.”

However, there are growing calls within the security community for organisations to focus efforts not only on prevention, but also on detection and recovery. Cyber resilience is important and often cheaper than attack recovery, according to Greg Temm, chief information risk officer for the Financial Services, Information Sharing and Analysis Center (FS-ISAC).

“While organisations can’t always stop an attack, it can put steps in place to reduce the amount of time it takes to recover quickly, minimising impact and ultimately preserving customer trust and loyalty,” he said.

Computer Weekly

You Might Also Read:

Students Blamed For University & College Cyber Attacks:

« Foreign Hackers Target Canadian Government & Banks
Dubai Police Hold 2nd Annual Cybersecurity Challenge »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Identillect Technologies

Identillect Technologies

Identillect Technologies provide a user-friendly secure email solution to protect critical information, with an emphasis on simplicity.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

Secjur

Secjur

Secjur is a provider of AI-based compliance tools that aim to put compliance, data protection, information security and whistleblowing on autopilot.

DACTA Global

DACTA Global

DACTA was established with the aim of simplifying the perception of complexity surrounding digital security challenges and solutions.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.