As the new academic year approaches, school leaders are being cautioned by the National Cyber Security Centre (NCSC) to prepare for potential cyberattacks. The Centre has emphasized the necessity of implementing “appropriate security measures” to safeguard against these threats and avoid disruptions. While there’s no current indication of an elevated threat level as schools resume, the timing could amplify the impact of any cyber incident.
Don Smith, vice president of the counter-threat unit at Secureworks, explained to Sky News how the onset of a new school term, combined with activities like account creations and the use of portable devices, can introduce vulnerabilities. He stated, “Summer is a period when many use their devices for leisure activities, which might lead to them getting infected. If schools permit devices to be taken home or allow personal devices, these can introduce malware into school networks.”
Last year, a cyberattack crippled six schools within an academy trust in Hertfordshire just a few weeks into the term. More recently, Debenham High School in Suffolk had all of its computer systems knocked offline due to a hack, causing technicians to race against time for restoration before classes commenced.
While concentrated cyber campaigns typically don’t target schools as they do businesses, educational institutions are still seen as appealing, opportunistic targets due to generally weaker defenses. According to Smith, budget constraints often result in inadequate cybersecurity measures in schools. He emphasized the importance of “basic digital hygiene” and suggested practices like two-factor authentication and regular software updates.
Smith further remarked, “Users are the frontline defenders in cybersecurity. It’s vital for everyone, including students and teachers, to understand the importance of strong passwords, to be cautious of suspicious downloads, and to recognize phishing attempts.”
Recent international research involving University College London revealed that 15% of 15-year-olds might respond to a phishing email, a percentage that rises among teenagers from disadvantaged backgrounds. Professor John Jerrim, a study contributor, indicated the necessity of equipping teenagers to navigate the intricate and perilous digital realm.
The NCSC, an affiliate of GCHQ, has previously signaled a surge in ransomware attacks targeting the educational sector. Such attacks involve hackers infiltrating systems and blocking access until a ransom is paid. Cybersecurity firm SonicWall reported that while ransomware attacks saw a decline in early 2023, there has been a noticeable increase recently.
Debenham High School’s recent cyber incident further underscores the urgency. In a communication to parents, Headteacher Simon Martin informed them of the ongoing restoration efforts, adding, “We’re assured by our support team that the restoration should be quicker due to the precautions we’ve taken.” He also alleviated concerns about student assignments done over the holidays being inaccessible, reassuring that the staff is cognizant of the situation.
This incident serves as a stark reminder of the digital challenges schools face and the importance of bolstering cybersecurity measures.