Why is the UK education sector suffering more cyberattacks and how we can help?

In June of this year, the UK’s National Cyber Security Centre (NCSC) alerted schools, colleges and universities to a significant rise in ransomware attacks as cyber-criminals look to exploit holes in previously secure networks, weakened by distance learning requirements.  

This latest warning came after a bleak March for the sector, which witnessed a ransomware attack on the Harris Federation, which runs 50 schools and the Castle School Education Trust was hit by a sophisticated ransomware attack that left 23 schools without access to their IT system.

Also, in the same month, the Cambridge Meridian Academies Trust’s 17 schools were disrupted by a ransomware attack and the Nova Education Trust in Nottingham was forced to disable IT systems at 15 schools following an attack.

Whilst it is obvious these institutions hold a lot of data about staff, pupils, coursework, exams and Ofsted inspections, all of which is highly sensitive, this data in itself is likely to have little value for the criminals. Their intention is to cause panic and hope a ransom is paid quickly to prevent the data being permanently encrypted or deleted.

A perfect storm of security compromises?

Educational establishments will undoubtedly progress their return to on-site teaching, but the need to embrace remote learning during the pandemic resulted in the network perimeter being extended to include thousands of personal devices beyond the control of the in-house IT team. 

When lots of people access the networks with a variety of laptops, tablets and smartphones for cloud-based services for classes, most of whom will have little experience of cyberattacks, inevitably cyber criminals are provided plenty of opportunities to slip some ransomware into the system. 

The future of education appears to include a blended approach to learning, which ensures the security risk is likely to continue, at least in the short term, with IT managers facing a significantly different challenge and often without a full-time IT security resource.

It is expected that phishing will continue to be the attack method of choice for most attackers, with many apps used by students commonly used by threat actors to deliver their campaigns, particularly via mobiles, where it is easier to hide the intent of a phishing attempt.

As well as phishing, the NCSC warning listed attacks via remote desktop protocol, virtual private networks, leveraging unpatched or insecure devices, weak passwords or a lack of multi-factor authentication.

Whilst there are many reasons to explain the slow transition to Cloud services for many Schools and Colleges, this growing threat from cyber criminals is likely to accelerate the move, with particular attention given to security, backups and disaster recovery solutions.

What can be done to counter the attacks?

The first and most important step in countering phishing attacks is ironically, education. Explaining carefully the anatomy of an attack and what students, teachers and administrators must be aware of will be critical to any educational establishment’s cyber security defences.

Educating users, young and old alike, about password security will also be important. Creating strong passwords and understanding the need to change them regularly will help reduce the risk of a successful attack.

These simple steps will only reduce, not eliminate the risk, which is why the NCSC recommends educational establishments adopt a ‘defence in depth’ strategy to security. A layered approach, that starts with strong network firewalls, but includes regular vulnerability scanning, threat intelligence and protection against malware, viruses and unknown zero-day threats will cut the risks still further.

Given the need for much tighter security and a lack of specialist resources within many educational establishments, the appeal of Cloud solutions such as Amazon Web Services (AWS) is obvious. 

AWS has created a number of security services and management tools to help protect both your data and your environment against vulnerabilities and threats, but implementing them all effectively, can be tough if you do not have the specialist skills or experience. We do.

If you want to discover how best to protect your school, college or university from cyberattack, please get in touch and we’ll listen carefully to the challenges you face then explain how CirrusHQ Managed Services can help.

Contact our team today on  0131 208 0284 or email enquiries@cirrushq.com