- About us
- About colleges
-
Corporate services
- Corporate services
- Mental health and wellbeing
- AoC Student Engagement Charter
- Data Protection/GDPR
-
Employment Services - college workforce
- Employment Services - college workforce
- Employment: How we support members
- Introduction & Employment Helpline
- Absence & Sickness Management
- Contracts and T&Cs
- Disciplinary, Capability, Grievance & Harassment
- Equality, Diversity & Inclusion
- General Employee Relations & HR Issues
- Holiday/annual leave related
- Industrial Relations
- ONS reclassification related guidance
- Pay & Pensions
- Recruitment
- Redundancy, Restructuring & TUPE
- Safeguarding/Prevent
- Workforce Benchmarking, Surveys & Research
- Governance
-
Projects
- Projects
- Get Involved!
- Resources
- Contact the projects team
- Apprenticeship Workforce Development (AWD) Programme
- Creating a Greener London – Sustainable Construction Skills
- The 5Rs Approach to GCSE Maths Resits
- Creative Arts in FE 2025 – developing student voice through creativity
- Digital Roles Across Non-digital Industries
- GCSE Resits Hub Project
- Pears Foundation Youth Social Action Programme: Phase Two
- Pears Youth Social Action Programme - phase three
- T Level and T Level Foundation Year Provider Support Programme
- T Level Professional Development (TLPD) Offer
- The Valuing Enrichment Project
- Film London - Metro London Skills Cluster
- Empowering FE: enhancing skills with technology
- Empowering FE: enhancing skills with technology project - data protection privacy notice
- Resources/Guidance
- Sustainability & Climate Action Hub
- Partnerships
- Honours Nomination
- Brexit
- Ofsted Inspection Support
- AoC charters
-
Recruitment and consultancy
- Recruitment and consultancy
- Meet The Team
- Recruitment and consultancy: How we support members
- Executive Recruitment
- Interim Recruitment
- Governance Recruitment
- College Vacancies
- Consultancy
- The College Collective
- External Board Reviews
- AoC Jobs
- Recruitment and consultancy case studies
- Senior Post Holder Appraisal and Chair Review
- Chair Review
-
Events and training
- Events and training
- Events
- T Level and T Level Foundation Year Events
- Events and training: How we support members
- Network Meetings
- Previous Events and Webinars
- In-House Training
- Senior Leadership Development Programme
- Early Career and Experienced Managers' Programme
- Sponsorship and Exhibition Opportunities
- Funding and finance
-
Policy
- Policy
- Meet the Policy Team
- Policy: How we support members
- Policy Areas
- Policy Briefings
- Submissions
- Policy Papers & Reports
- AoC 2030 Group
- AoC Strategy Groups
-
AoC Reference Groups
- AoC Reference Groups
- 14-16 Reference Group
- 16-18 Reference Group
- Adults (inc. ESOL) Reference Group
- Apprenticeship Reference Group
- EDI Reference Group
- HE Reference Group
- HR Reference Group
- International Reference Group
- Mental Health Reference Group
- SEND Reference Group
- Sustainability & Climate Change Reference Group
- Technology Reference Group
- WorldSkills Reference Group
- Opportunity England
- Research unit
-
News, campaigns and parliament
- News, campaigns and parliament
- AoC Newsroom
- AoC Blogs
- Briefings
- AoC Campaigns
- College case studies
-
Comms advice and resources for colleges
- Comms advice and resources for colleges
- Media relations: 10 ways to build effective relationships with the media
- How to choose a PR agency
- Legal considerations for communications and media work
- How to plan for a new build
- Crisis communications: your go-to guide
- How to handle photo consent for media and marketing
- How to evaluate a PR and media campaign
- How to react to regulation, funding and restructuring issues
- How to react quickly and effectively to the media
- Working with the media: a complete guide
- How to write a compelling case study
- How to write for the web
- Communications, marketing and campaigns community
- Communications, media, marketing and research: how we support members
- Work in Parliament
- Election resources
-
Equality, diversity and inclusion
- Equality, diversity and inclusion
- Equality, diversity and inclusion blogs
- AoC’s Equity, Diversity and Inclusion Charter
- AoC’s Equity, Diversity and Inclusion Charter for further education sector organisations
- AoC’s Equity, Diversity and Inclusion Charter signatories
- Diversity in Leadership
- Black FE Leadership Group and AoC partnership agreement
- AoC's Equity Exchange
- Equality, diversity and inclusion: how we support members
- Equality, diversity and inclusion case studies
- ETF Inclusive Leadership Coaching Programme
- Equality, diversity and inclusion briefings
- AoC Sport Diversity and Inclusion Action Plan
- Home
- News, campaigns and parliament
- news views
- aoc blogs
- In the face of growing cyber threat, FE institutions must defend as one
In the face of growing cyber threat, FE institutions must defend as one
The growing risks – and how FE is responding
by Bella Abrams, Group Chief Technology Officer, Jisc
We know that cyber threat groups are continuing to target education and research globally. We are a sector under the microscope in more ways than one. As well as an increase in cyber threats and large scale distributed denial of service (DDoS) attacks, a lot of the tools and malware that were previously only available to nation states are now being used by organised criminal groups as well.
Fortunately, we know from our recent cyber posture surveys that our members are taking these threats seriously. Both the further education (FE) and higher education (HE) sectors have increased their investment in cyber security talent by 33% in the last three years.
We see that 77% of institutions list phishing as a key concern. Interestingly it tells us these institutions still feel their people could click on phishing links, which means they probably have not got as far as they would want to in enhancing their security culture.
During a cyber attack, a strong security culture can help you limit the damage. The quicker people realise that something has happened (or automatically detected by your security operations centre), the quicker incidents can be contained.
In a previous role in FE, my team went on a ‘phishing expedition’ and some staff had clicked the link. When we spoke with them, one of them said ‘yeah, it did look really suspicious – if it had been my personal email, I would never have clicked on it’.
That comment helped us understand how we as an organisation had failed. Student data, financial information, research data - all these things need to feel as valuable to our teams as their own money or data. Staff are your first line of defence, so a sense of shared responsibility is vital if you’re going to treat cyber security as an institution-wide issue.
The survey tells us that you are also more worried about risks in your supply chain – with good reason. We are all using a lot more systems that hold our data and other resources offsite. Using cloud services is great, but they come at the cost of increased risk.
As the survey shows, it is dangerous for organisations to think of cyber security as purely an IT and tech issue. Cyber security is fundamentally a people issue.
How to build a strong security culture
As Director of IT at the University of Sheffield, one of the ways we built that culture was by really focusing not just on the technical solutions but focusing on the value of what we were trying to protect.
The other thing we emphasised was the impact of cyber attacks, particularly the impact on the reputation of the organisation. Major cyber incidents affect how you're perceived by your customers, your stakeholders and your partners.
We were talking less about the incidents themselves and how the IT teams would resolve them but more about how we’d manage when it happened. How could we ensure business continuity? How would it affect student recruitment? How would it affect our processes, our partners? If we had to go back to paper, what would it that look like?
Stronger and safer together through Jisc
Amidst all this proliferating risk and the products and support that we already offer, we are encouraging members to think about making use of our new security operations service.
Feedback from our members tells us that there’s a shortage of staff, and often a lack of funding in the sector to invest in proper protection individually. In response, we've launched a product that allows us to do that for multiple institutions at scale. Our security operations centre (SOC) has been established to meet education and research needs in the face of this evolving threat landscape. Once onboarded, it operates on all your institution’s end systems and services, monitoring them 24/7.
We can see the traffic on your network, and if it’s suspicious, we can stop it. We also provide local teams in the event of a cyber incident who’ll come in and help you clean up as quickly as possible to get your systems back online.
The Jisc SOC is an education SOC, integrated with Janet, the national research and education network (NREN), allowing us to identify and defend against sector-wide threats and lateral movement from institution to institution.
When everyone is secure, we are all better off. You are only as safe as your weakest link.
Running Janet gives us at Jisc a huge responsibility to work well with you all. Having an engaged community and a clear set of security products allows us to work together to defend as one.
As well as considering the SOC, I’d like to encourage you to join Jisc’s cyber security community group. It’s a group of over 2,600 professionals, from chief information security officers, to CEOs, to technical staff. The community provides training sessions on business continuity, incident response, best practice, and holds quarterly and annual threat briefings.
When I was an IT director, that sense that you are not alone was always really important to me and this community is one way to achieve that. It helped me see the sector as a place where you can share information, get good advice, think about the right products and services to mitigate risk, and make sure that the value of what we do – teaching, research, supporting our students – remains secure.