By Dakota Murphey
Cyber security threats have been a hot topic among professionals across a range of sectors in recent years, and education is no different. While Disclosure and Barring Service (DBS) check scams have created recent problems for teaching job seekers, it’s not uncommon to find heads of schools, colleges and universities caught in the proverbial crossfires of a nefarious cyber incident, system breach, or situation that could compromise student data integrity.
The rise of ransomware in the education sector
Given how digitised many education facilities have become in recent years, understanding the potential cyber risks with classroom or top-level system technology is vital. One of the most deadly and fast-rising types of cybercrime is ransomware, which is affecting education institutions in the UK like never before. On the surface, it may seem puzzling why malicious actors would target schools, but a closer examination reveals several compelling reasons behind this evolving cyber security method. A recent report revealed that ransomware attacks increased by 87% in the UK and 37% globally in the first half of 2023.
This highly sophisticated form of malware (malicious software) can, at best, be a disruptive nuisance, but at worst, can lock down critical systems and extort funds from education providers. With many schools needing to find the best way possible to set an effective limited budget, they can ill afford to face yet another financial ‘shot in the arm’ at times when costs are high.
What’s more, education providers are bound by heavy regulations that mandate safe and strict cyber security infrastructure in place to safeguard student and stakeholder data. If a ransomware (or indeed, any other) incident were to compromise this vital data, the education facility could suffer further financial or reputational damage.
Therefore, it’s fair to say that headteachers and decision-makers should pay close attention to the evolving threat of ransomware. To do that, it’s prudent to examine why it has proliferated to such a degree in education settings and what head teachers can do to prevent it from escalating and becoming an issue in their facilities.
Why are schools targeted by ransomware attackers?
Insufficient Cyber Security Resources
Many schools do not have a stable security infrastructure, nor do they have access to the resources necessary to maintain a robust cyber posture. With budgets increasingly stretched, education facilities must allocate funds to the most essential equipment to maintain the safety of students and teachers, from security gates and alarms to CCTV. Often, this leaves little to no room for enterprise-grade digital security measures like encryption software, cyber security training, and endpoint threat detection solutions.
Unfortunately, this lack of practical and proactive cyber awareness makes schools easy targets, allowing ransomware operators the ability to infiltrate school systems with greater ease. Additionally, staff are less able to easily detect nefarious activity across their networks meaning that insider threats are less overt, and attackers can move laterally across an estate more easily.
Failing to maintain a continuous learning environment
Schools, colleges, and universities are heavily reliant on their IT systems to facilitate teaching, learning and administration, among other processes. Online learning platforms, virtual classrooms, student databases, faculty emails, admin and grading systems and more all rely on an interconnected school system. Furthermore, creating a seamless, uninterrupted educational experience for students requires a steady data flow between computers and other devices on a school network. Schools must meet the Department for Education’s Digital Accessibility Standards to ensure all digital resources, content, and services are accessible. However, this is made much more difficult if the underlying system is vulnerable.
If they are unable to access the information and systems they need, this could disrupt the education experience. Ransomware operators recognise the dependency that students and teachers alike have on digital infrastructure and can block or encrypt access to critical systems until a ransom is paid, thus bringing education to a de facto standstill. Faced with prolonged disruption due to ransomware, many institutions may feel compelled to pay ransom demands.
Holding valuable, sensitive data
Schools and education facilities store a huge amount of personally identifiable information (PII) and data in cloud-based digital repositories. The nature of this data is highly sensitive, including names, addresses, contact details, medical and academic records, all of which can be leveraged against a school or individual for illegal or unethical blackmail tactics.
Stolen data can also be used as bargaining chips for attackers who may threaten to publicly release or sell it on the dark web unless ransom demands are met. The potential consequences of such data breaches can be severe for schools as well as individuals whose information is compromised. Schools are also bound by General Data Protection Regulations (GDPR) which can impose fines if data is not upheld with integrity and a breach occurs.
How to mitigate the damage from ransomware and other cybercrime
While the evolving threat of ransomware is evidently serious, it is not impossible to overcome. It does mean that schools will have to make key and budget-conscious decisions on safeguarding data and information in light of the complex and changing cyber threat landscape.
Basic threat prevention and data security measures include enforcing strong password policies for students and teachers, ensuring that all logins are unique and meet minimum criteria, and backing these measures up with multi-factor authentication (MFA) where possible. Recent stats from Microsoft say that MFA reduces the risk of successful cyber attacks by blocking over 99.9% of account compromises.
Systems and software must be regularly patched and updated to protect them from known vulnerabilities and weak spots, robust backups and recovery solutions must be deployed, and email security must be enhanced to minimise the potential for phishing and malware entry.
Fundamentally, however, as all education providers know, the most important facet is understanding the what, the where, and the how. Fostering a culture of greater cyber awareness is pivotal in helping schools overcome almost any security issue including ransomware. Encourage open communication and clear reporting procedures, promote safe computing practices and adherence to clear security policies, and regularly review and update security measures in light of emerging threats.
Continuous vigilance and proactive measures are key
Headteachers and school decision-makers must recognise that ransomware is a constantly evolving threat, with new attack vectors and methods emerging regularly. Therefore, simply upgrading to new security solutions and software won’t be enough on their own to safeguard any and all cyber threats. Security is an ongoing tactic that must be balanced with other, everyday activities for schools, such as teaching, support, and administration. Strengthening security as a whole is only possible if there is an inherent alignment across all staff and students in a facility.
While taking the preventative steps above will drastically reduce a school’s threat exposure, headteachers must take continuous proactive measures to safeguard assets, ensure the continuity of their operations, and protect the privacy and well-being of students and staff alike.