The Luminate Education Grouo (LEG) t have been hit by a cyber-attack, affecting thousands of students. Luminate Education Group (LEG), which includes Leeds City College (LCC), said the attack had caused “operational disruption” to its IT infrastructure.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Educational institutions remain an attractive and lucrative target simply because targeting them works. They are increasingly chosen due to their unfortunate inability to restore quickly, unlike lots of other organisations. Therefore, they come with a higher chance of paying the demands.
Furthermore, these institutes tend to be targeted in August due to the increased stress they are under regarding current and future students. Such time-based factors add increased pressure to getting back up and running, which increases the likelihood of threat actors reaping the rewards.
Offsite backups and employee awareness are vital ways to protect data, but can be expensive. However, the price to pay ransom demands will usually be far higher than any prevention measures in place.
The escalation of ransomware attacks on UK further education is a worrisome trend, and unfortunately not something we see any signs of abating soon. Though further education may not have the reputation for financial clout which banks have, they still remain a prominent target for cyber criminals.
Colleges have a large number of “access points”, with tens of thousands of different students and teachers accessing applications and systems from a diverse selection of geographical locations as a result of the pandemic, with many institutions still holding a great deal of legacy software and hardware. This, in combination with underfilled budgets, overstretched IT teams, and the mammoth amount of personal data which these institutions hold, makes them a tantalizing target for cybercriminals. But with so much valuable student data at risk, you can see why institutions in further education are more likely to pay up than other institutions – even though this type of action only serves to encourage future attacks and fund crime.·
A better, more nuanced solution involves planning for these attacks by creating a “crisis team” of leadership involving IT leaders and department heads, teaching the fundamental importance of good cyber hygiene to all staff and students, and making the best choices with whatever IT budget you have. Further education may be best served by searching for solutions which integrate cybersecurity and data protection with a centrally managed console, as this offers lower costs and a level of simplicity than can help smaller education IT teams. With our research finding that 88% of UK consumers expect monetary compensation in response to being affected by a ransomware attack, further education may have very good reason to take whatever steps are necessary to stop these attacks slipping through.