HM Revenue & Customs, the UK government's tax authority and the most impersonated organisation in the country for cyber scams, is training its employees in the art and science of hacking digital devices.

The Covid-19 crisis has sparked a 73% surge in branded phishing scams against the beleaguered agency.

HMRC has spent £262,251 on cyber security training for its staff over the two most recent financial years, according to official figures.

This data was obtained and analysed under the Freedom of Information (FOI) Act by the Parliament Street think tank. The FOI response from HMRC revealed that £150,456 was spent on security training in FY 19-20, compared to £111,795 in the most recent financial year.

This equated to 80 training enrolments in FY 20-21, and 69 in FY 19-20 for staffers operating in the Chief Digital and Information Officer Group.

All HMRC staff were made to complete a compulsory course on ‘Phishing attacks’, which was free of charge.

Most popular course: the Art of Hacking

The most popular security training course among staffers in the Chief Digital and Information Officer Group was certification in the Art of Hacking, which drew 12 attendees at a cost of £15,978.

The most expensive security training course in FY 20-21, which was not available in FY 19-20, was a residential course to become a Certified Cloud Security Professional. This cost £34,103 to train seven staffers.

Additionally, 11 staffers went on a six-day bootcamp to become a Certified Information Systems Security Professional, two trained to become certified in Ethical Hacking, and nine enrolled in an ‘introduction to Cyber Security’ course.

According to experts in the cyber security field, HMRC should be commended for their investment in continued training for all staff.

Security expert Edward Blake, Area Vice President EMEA, Absolute Software, said:

“Organisations which handle large volumes of personal financial information like HMRC are a top target for cyber criminals, so ensuring staff are fully trained with the latest cyber skills is essential to prevent a potential data breach.

“With the Covid-19 pandemic forcing many employees to work from home, it’s also critical that organisations like HMRC ensure they have complete visibility into the security standards across all devices such as laptops, to ensure encryption is turned on and cyber protection is in place for each and every employee.

“It’s also important that organisations can track, freeze and wipe lost or stolen devices, in the event of loss or theft, to keep taxpayer data completely safe from outsider threats.”

Cyber specialist Tim Sadler, CEO of Tessian, said:

“Security training plays an extremely important role, but it needs to be more than just a compulsory, one-off session if the learnings are going to stick. As companies invest heavily in security training, they must ensure that the programmes resonate and help employees think twice before clicking on a scam.

“It’s telling that staff were most interested in a training course on the art of hacking. Research shows that people learn best when training is relevant and contextual. So, educating staff in the ways they could be targeted in phishing emails and teaching them the techniques that cybercriminals use to trick them, is a really effective way of raising awareness of threats and helping people to realise they are being scammed.

“It’s a shift away from how training has traditionally been delivered, but it’ll drive lasting behavioural changes as a result.”