The National Cyber Security Centre (NCSC) recently released a security alert warning stating that with the return of students to classrooms many cyber attackers are now targeting schools and universities.
Many of the recent attacks to hit educational institutions involved Ransomware. This attack uses a type of malware to block access to the victim's data. After the attacker captures the data, they then threaten to publish it unless a ransom is paid by the victim.
Ransomware is one of the most dangerous attacks as it can to bring an entire organisation to a halt. We all witnessed this with the 2017 WannaCry attack that caused severe damage and downtime of NHS systems.
Why attackers are targeting the education sector
Many schools and universities forced to close classrooms during the pandemic had to begin offering online learning alternatives. This expanded online environment opened a larger attack surface for cyber criminals.
Institutions are often under high stress to ensure systems and services are available (with minimal downtime) for staff and students. Financially motivated attackers see the potential to receive ransom payment from institutions in order to keep their systems up and protect students’ data.
Recent ransomware attacks
In early September, Newcastle University was hit by the DoppelPaymer ransomware gang who are now claiming they stole from the institution’s servers and are threatening to release the data on their “Doppel Leaks” site.
You may also recall in mid-September, that Northumbria University was hit with a cyber-attack that led to exams being cancelled and students unable to go to university. Although nothing has been officially released on what kind of attack this was, it does show all the traits of ransomware.
The attack led to systems being taken down for a week, including the student portal and other online platforms temporarily being switched off as a precautionary measure.
How can educational institutions respond and remediate?
As the pandemic continues to force students to work remotely and out of the classroom, schools and universities will depend on their online educational systems. These systems must be more resilient to attacks. Although there is no such thing as being 100% secure – 100% of the time, institutions can take steps to help protect their systems and create cyber resiliency.
Steps to take immediately are to ensure that computer user’s firewalls are turned on, they should avoid questionable/insecure websites and be alert to suspicious email messages. Choosing proven antivirus software from a reputable company can also help protect user’s computers against ransomware threats.
The next step is to establish a strong cyber security strategy to ensure resilience. Risk Crew, an elite group of information security governance, risk & compliance experts, recommend that institutions start with the following:
- Staff Awareness Training – Implement an information security training programme that educates staff on how to identify phishing and ransomware scams; plus teaches them on what to do if they download a malicious attachment or click a suspicious link. Reinforce awareness with monthly security updates.
- Policies and Procedures – Create policies and procedures that support an effective security strategy. These should take into account everything from mandating multi-factor authentication, limiting user privileges to establishing an incident response plan.
- Conduct Security Penetration Testing – Any institution or business that wants to protect their information assets and prevent data breaches should have security penetration testing conducted at least annually. Testing should at the minimum include a security vulnerability scan of systems and phishing exercises to test staff awareness.
- Cyber Security Insurance – As stated earlier, there is no such thing as being 100% secure. Cyber liability insurance should be considered as part of a security strategy to ensure your resiliency to recover.
To conclude, as the education sector and other businesses rely more on delivering services online, this widens the attack surface for cyber criminals. It’s more critical than ever to put measures in place to secure systems and to implement a strong cyber security strategy.
If your business is struggling with implementing a robust cyber security and risk management strategy? We can help!
Our partner, Risk Crew, provides guidance and services to help get you started with security policies, staff awareness training and security penetration testing.
And you can get more information about cyber-liability insurance below or contact Clear's cyber-insurance specialist Stewart Ruffles on 020 7280 3479.