The Student Loans Company (SLC) was hit by nearly a million cyber attacks in the past year, according to official figures.
In data released under Freedom of Information (FoI) legislation, The SLC revealed it was targeted in 965,639 attempts to infiltrate its systems in the 2017/18 financial year.
The findings, collated by the Parliament Street think tank, discovered these attacks were up from just three attempts in financial year 2015/16 and 95 in 2016/17, an increase of nearly 322,000 times in just two years.
The financial services and heath care sectors are among the most highly targeted sectors because of the rich set of personal and financial data they hold, which cyber attackers can use to steal money and commit other crimes.
Out of the attempts for the last financial year, only one attack was successful in breaching the system, according to the SLC.
The company also reported 323 instances of malware and 235 malicious emails or calls in addition to the nearly one million “cyber attacks”.
Of those attempts, the SLC said 127 were not blocked, but dealt with as incidents. This number also contains the blocks at the perimeter, which is why it is significantly larger than previous years.
Read more about cyber resilience
- Look to frameworks, guidance and legislation to boost resilience.
- Resilience means preparing for unpreventable cyber threats.
- Patching, backup and access control key to resilience.
The number of Malware attempts was highest in 2016/17 at 1015 with 81 reports of malicious emails or calls.
Terry Ray, senior vice-president, at security firm Imperva, said it is no surprise that cyber criminals are relentlessly targeting the personal financial details of students, putting the wellbeing of tens of thousands of individuals at risk.
“Tackling this problem means investing heavily in the latest cyber security measures, to keep hackers out and limit the risk of a major data breach.”
However, there are growing calls within the security community for organisations to focus efforts not only on prevention, but also on detection and recovery.
Cyber resilience is important and often cheaper than attack recovery, according to Greg Temm, chief information risk officer for the Financial Services – Information Sharing and Analysis Center (FS-ISAC).
“While organisations can’t always stop an attack, it can put steps in place to reduce the amount of time it takes to recover quickly, minimising impact and ultimately preserving customer trust and loyalty,” he said.