As the new academic year approaches, school leaders are being cautioned by the National Cyber Security Centre (NCSC) to prepare for potential cyberattacks. The Centre has emphasized the necessity of implementing “appropriate security measures” to safeguard against these threats and avoid disruptions. While there’s no current indication of an elevated threat level as schools resume, the timing could amplify the impact of any cyber incident.
Don Smith, vice president of the counter-threat unit at Secureworks, explained to Sky News how the onset of a new school term, combined with activities like account creations and the use of portable devices, can introduce vulnerabilities. He stated, “Summer is a period when many use their devices for leisure activities, which might lead to them getting infected. If schools permit devices to be taken home or allow personal devices, these can introduce malware into school networks.”
Last year, a cyberattack crippled six schools within an academy trust in Hertfordshire just a few weeks into the term. More recently, Debenham High School in Suffolk had all of its computer systems knocked offline due to a hack, causing technicians to race against time for restoration before classes commenced.
While concentrated cyber campaigns typically don’t target schools as they do businesses, educational institutions are still seen as appealing, opportunistic targets due to generally weaker defenses. According to Smith, budget constraints often result in inadequate cybersecurity measures in schools. He emphasized the importance of “basic digital hygiene” and suggested practices like two-factor authentication and regular software updates.
Smith further remarked, “Users are the frontline defenders in cybersecurity. It’s vital for everyone, including students and teachers, to understand the importance of strong passwords, to be cautious of suspicious downloads, and to recognize phishing attempts.”
Recent international research involving University College London revealed that 15% of 15-year-olds might respond to a phishing email, a percentage that rises among teenagers from disadvantaged backgrounds. Professor John Jerrim, a study contributor, indicated the necessity of equipping teenagers to navigate the intricate and perilous digital realm.
The NCSC, an affiliate of GCHQ, has previously signaled a surge in ransomware attacks targeting the educational sector. Such attacks involve hackers infiltrating systems and blocking access until a ransom is paid. Cybersecurity firm SonicWall reported that while ransomware attacks saw a decline in early 2023, there has been a noticeable increase recently.
Debenham High School’s recent cyber incident further underscores the urgency. In a communication to parents, Headteacher Simon Martin informed them of the ongoing restoration efforts, adding, “We’re assured by our support team that the restoration should be quicker due to the precautions we’ve taken.” He also alleviated concerns about student assignments done over the holidays being inaccessible, reassuring that the staff is cognizant of the situation.
This incident serves as a stark reminder of the digital challenges schools face and the importance of bolstering cybersecurity measures.
As the new academic year begins, schools are again warned against cyberattack threats as they remain a prime target due to the valuable data they hold and their typically less-than-robust cybersecurity practices.
With the NCSC advising “appropriate security measures” to be put in place, schools must evaluate their incident response plans and always be ready to face cyber threats – especially at the start of a term when new students are connecting devices to school networks that often lack sufficient security controls, leaving school systems vulnerable to attacks.
Recent incidents such as the Debenham High School and Suffolk School attacks, which took systems offline just as schools returned, highlight the need to enhance security measures, prioritise automation, strong access controls and establish robust backup solutions to prevent or minimise impact on students’ education.
“The schools in the UK are under attack and it is essential they put the NCSC’s recommendations for the education into practice because more incidents are clearly on the horizon.
Based on the information available, it sounds like criminals have accessed data belonging to Maiden Erlegh, but it’s not clear what this was. If it relates to pupils, this will rightly cause serious concern from parents who will be worried about what could happen to the data or where it could end up. The letter to parents also doesn’t say whether the attack will halt the start of term, so it sounds like investigations and mitigations are actively underway.
In the wake of this attack, other schools must learn from the incident and immediately work to bolster their cyber defences. With most ransomware attacks being executed through phishing, it is essential to educate staff on the threat and make it harder for criminals to successfully phish them. The motive for most phishing attacks is to steal employee login credentials so attackers can login into the network legitimately before launching their attack. To protect against this, organisations can use identity management solutions which remove passwords and credentials from employee hands, so they never see or know them. This means they can’t give them away even when they are targeted with a phishing scam.
For parents of Maiden Erlegh schools, it is also essential that they are on guard for phishing scams. Criminals could look to bank further from the attack by sending phishing emails to parents in a bid to steal more information. Being on guard for these emails is essential.”
“This is the third education facility in the UK in the last week to announce it has suffered a cyberattack, which highlights the focus attackers are placing on the sector.
When it comes to these attacks, they have a three-fold impact, firstly they can close schools, which disrupts education, secondly, they can put sensitive data about pupils at risk, while thirdly, with schools being forced to close this can also prevent parents from being able to get into their work which can impact businesses in the UK.
With the education sector already going through a period of intense scrutiny, this wave of cyberattacks will cause even further damage and put even more schools out of operation.
Given this increase in attacks, other education facilities must take note of these and ensure they are taking steps to protect their systems.
With ransomware being the weapon of choice, it is vital to have protections against this threat in place, such as training for phishing attacks, keeping systems patched and regularly planning for incidents to help minimise losses and disruptions, even when attacks due occur.”
A cyberattack on a school just before the start of the new academic year doesn’t come as a surprise at all. Schools are a prime target for cybercriminals because they have limited protective IT resources compared to other sectors.
Cyberattacks on the education sector can have severe consequences on a child’s education. In the attack against Debenham High School, students are currently unable to access work completed over the summer. However, we’ve seen worst-case scenarios where schools have been forced to temporarily close.
Despite the obvious concerns many parents will have, the school did confirm that no data had been compromised and there were safeguards in place, which is extremely positive. It is essential for any educational organisation to have advanced security controls that not only detect and resolve security issues quickly but also limits the movement of malware. Having security procedures in place can be crucial in minimising the impact of a cyberattack and enabling a quick recovery.
The education of children has already been greatly impacted by Covid; therefore, further closures due to a cyberattack cannot be afforded. By prioritising cybersecurity measures and investing in the necessary resources, schools can reduce the risk of falling victim to a cyberattack, but also, give themselves with the tools to quickly recover if they were ever breached.
“Although little is known regarding the specifics of the unfortunate attack on Debenham High School in Suffolk, cyberthreats remain highly pertinent to the education sector. In 2023 so far, Education has been one of the most heavily targeted sectors; ruthless cyber attackers continue to target vulnerable schools with under-invested IT infrastructure, a lack of controls and outdated cybersecurity tools.
In light of the ‘Back2School’ rush in the forthcoming weeks, both schools and parents/pupils alike have a responsibility to play to ensure cyberattacks are kept to a minimum, and any incidents that do happen are under control: