The pandemic has led to many educational establishments across the UK experiencing the need to connect staff and students remotely and to collaborate online, thus bringing forward a number of new challenges around the way schools and universities manage their data protection and cyber security.
This month, we ran a joint webinar with leading data management experts, Redstor, titled ‘The Increasing Ransomware Threat in Education’ to highlight recent trends in cyber threats, and recommend strategies to stay protected.
We heard from Detective Inspector Chris White (Head of Cyber & Innovation) and Detective Superintendent Nick Bell (National Policing Director) from the UK Cyber Resilience Centre on four key areas of cyber security awareness:
- The rising threat to education
- Protection from malware/ransomware
- How to identify and avoid phishing attacks
- The importance of secure data protection and backup
With so much valuable content delivered by the contributors, we’ve narrowed it down to four key cyber security learnings for the education sector…
The rising threat to education in UK
Threats to cyber security are still a major concern for organisations across multiple sectors in the UK. In fact, malicious cyber-attacks have evolved and become more frequent, particularly in schools and universities. In September, both Newcastle and Northumbria Universities were targeted by cyber criminals, and a group of further and higher education colleges in Yorkshire and Lancashire faced attacks in the summer.
The biggest threat to schools and higher education currently comes from fraudulent emails (known as phishing) that contain ordinary-looking, malicious links, which host malware (malicious software). Ransomware attacks, in particular, are becoming more targeted and increasingly more sophisticated.
Tip 1 – Be aware that ‘phishing’ emails are one of the biggest cyber threats in Education.
As Detective Inspector Chris White explained, “Criminals spend time investigating your network in order to understand it and look for your organisation’s critical systems.”
Not surprisingly, organisations are being targeted over private individuals as they are more likely to need their data back straight away and would be more inclined to pay the ransom to their attackers.
Cyber security breaches are expensive
According to the NCSC, “the average cost of all cyber security breaches organisations have experienced in past 12 months is estimated at £3,230. For medium and large organisations, the average cost is £5,220.”
The cost of potential breaches versus investment in better security services raises another interesting point. From these figures it is evident that not having good data protection and backup in place can cost you more in the long run.
Tip 2 – Investing in business continuity and disaster recovery (BCDR) is essential for schools and universities.
The advice for educational organisations is to look at what they currently have in place, and to be proactive and seek additional measures to prevent future attacks. These precautions involve applying software updates, maintaining up-to-date malware protection, secure firewalls, restricting IT admin and access rights, and more.
Tip 3 – Ensure your educational establishment has up-to-date cyber security measures and controls in place.
Resources for schools, colleges and universities
Team Cyber UK forms the very core of the UK’s cyber police response for schools and universities, and is a coordinated effort at national, regional and local levels. There is a cybercrime unit within the 43 forces in England and Wales with one hundred percent of cases being investigated and receiving the appropriate response. Their strategy is to understand cyber threats and to empower academic organisations to protect themselves by increase understanding, and providing the advice and tools needed to protect themselves. DS Nick Bell explained that “75% of cybercrime is preventable and we work to prevent the attacks occurring but also to make the UK a hostile place for cyber criminals.” He also confirmed that both the operational and the reputational needs of the organisation are considered.
Ransomware groups still present the most visible cybercrime threats in the UK. Highly capable organised groups continue to develop. This quarter alone, there has been an increase in ransomware attacks against the education sector; including high-profile attacks against universities in the North East this summer. The timing of these attacks often coincide with an increased pressure on colleges and universities, such as the release of students’ grades and campus’ reopening.
However, there have been huge developments over recent years in cybercrime investigation. With the recently launched police cyber alarm, you can can sign up and use software which identifies suspicious activity on firewalls and therefore, capture the treat.
Tip 4 – Keep your network and data safe with a reputable cyber security provider, like KBR.
Engaging a reputable and knowledgeable cyber security expert is essential for every school, college and university. KBR is a leading provider of cyber security solutions in the UK, including; Network Security, Data Protection and Backup, and Business Continuity & Disaster Recovery (BCDR).
Concerned your school or organisation could be at risk from cyber threats? Speak to our cyber security experts to get the latest advice on how to stay protected.