It’s a fact that all organisations are valuable targets for cybercriminals, no matter the size of the organisation. However, some sectors are targeted more than others. Education is one of those sectors.
In 2022, the UK Government outlined the percentage of organisations that had identified breaches or attacks over a period of 12 months, which found that 39% of all UK businesses suffered a breach. For educational institutions, that number was significantly higher. The research found that further education colleges (88%) and higher education colleges (92%) are most likely to identify breaches or cyberattacks.
But what makes education a highly coveted industry for cybercriminals to attack? Erfan Shadabi, Cybersecurity Expert at comforte AG, explains: “Educational institutions, ranging from primary schools to universities, have become attractive targets for cybercriminals. These organisations house vast amounts of sensitive data, including personal information of students, staff, and parents, as well as intellectual property, research data, and financial records.”
“The consequences of a successful cyber attack in an educational setting can be devastating, affecting not only the institution’s reputation but also the education and safety of students. Thus, it is imperative that educational institutions proactively invest in cybersecurity measures. Implementing data-centric security protocols in educational institutions can significantly reduce the risk of data breaches and disruptions caused by cyberattacks.”
But with young people heading back to school this week, the National Cyber Security Centre (NCSC) has issued warnings for educational institutions to tighten security defences and remain vigilant to attacks.
Brian Higgins, security specialist at Comparitech, explains further: “It’s a particularly vulnerable time for schools right now, so much so that the National Cyber Security Centre has issued a warning across the country for improved defences and vigilance. The beginning of the school year sees hundreds of new users added to the network; students, staff, parents, suppliers etc. along with all of the devices and social media channels they will be using to stay connected. The vulnerabilities available to cybercriminals are plentiful.”
Referencing recent infrastructure issues hitting schools across the country, Higgins continues: “There’s no doubt that the current concrete issue will be exploited by online fraudsters, it only takes a DDoS to launch the most basic ransomware attack and its plausible that disgruntled pupils who may have recently received less than favourable exam results may seek some form of digital revenge. The Department of Education have rather unhelpfully stated that cybersecurity is a matter for individual schools so the best place to look for help and guidance is the NCSC. They have plenty of free resources for schools on their website and it’s never too late to learn.”
Just this week, it was revealed that one London secondary school had been forced to delay the start of the new term by a week. Highgate Wood Secondary School in Haringey is alleged to have suffered from a cyberattack, although it is believed that no data was accessed during the breach. This follows news earlier this year that a spate of Sussex schools had suffered cyberattacks.
Rebecca Moody, Head of Data research at Comparitech, said: “While the nature of the cyber attack is yet to be confirmed, this does sound like it has all of the hallmarks of a ransomware attack. As hackers look to coordinate their attacks, hitting a school just as it is about to reopen after the school holidays is arguably a prime time. We have also noted an increase in ransomware attacks on educational institutions this year, when compared to last.”
“Last year, we recorded 119 confirmed ransomware attacks on schools and colleges across the globe. So far this year, we’ve already logged 90. What is of concern is the number of records impacted in these attacks. Throughout 2023, 5.23 million records have been noted as breached as a result of ransomware attacks on schools/colleges. Across the 119 tracked last year, just 1.19 million records were breached.”
“If Highgate Wood Secondary School is confirmed as a ransomware attack, the next question will be what data could have been stolen by the hackers. As ransomware hackers continue to steal vast amounts of data while also encrypting systems, schools need to act quickly to not only try and regain control of their systems but to offer the best possible protection for students and staff if data is affected.”
The motives for cybercriminals are often unclear, sometimes hackers demand ransom, others may steal data and others may act as disruptive ‘hacktivists’. According to recent research by Outpost24, a ‘hacktivist’ can be defined as non-state actors that aim for the ‘disruption of services’ but do ‘not intend to cause harm.’
Darren James, a Product Specialist at Specops Software, an Outpost24 Company, adds: “It’s not only the poor state of the buildings that is having an impact on the new school term this year. One school has delayed the return of their students by nearly a week due to a cyber attack. The education sector is another popular target for cybercriminals and Hackivists.”
“From what we know so far this attack must have taken down one of the school’s core systems, and it is having to be rebuilt which is causing the delay. Whether the rebuild was due to data destruction or that the original was inherently insecure remains unknown, the good news is that so far it seems no data was stolen. As always with these types of denial-of-service attacks it’s important to remember the basics – make sure your users have strong, unbreached passwords (or even better passphrases and MFA) and make sure that you have tested your backups.”
Any organisation that stores data is a coveted target for cybersecurity. Evidently, it is time for educational institutions to brace themselves for a breach. School’s back, cyberattack.