The education sector is still suffering a higher level of cyber issues than business. This might mean that companies are doing more than schools to protect data and systems, or it could mean that even though schools have improved their security, they are more likely to be targeted by criminals. So says the longer of two reports by London Grid for Learning (LGfL).
Most, 78pc of schools said they had experienced at least one of the types of cyber security incident mentioned in a survey for the UK official National Cyber Security Centre. In particular, ransomware attacks continue to increase, the study found.
Research by LGfL, a not for profit charity that offers digital and cyber services – with the NCSC – shows that over half the schools in the May 2022 research (53pc) felt prepared for a cyber attack. Some could do more: 4pc admitted to having no back-up facilities, 26pc are not using multi-factor authentication and a quarter are not limiting staff access to USB devices.
As in other sectors, cyber breaches have real-world consequences. In an earlier such survey in 2019, no school recorded a parent losing money due to a cyber incident, but in 2022 six schools reported they had. Email is key; the biggest sort of cyber attack faced was fraudulent emails (phishing), reported by 73 per cent of schools responding.
Seven per cent replied ‘yes’ to the question, ‘has your school ever been significantly disrupted by a cyber incident or attack’. Other findings include:
– all schools now use firewall protection;
– 74pc of schools enable two-step verification (2SV) for their most important accounts;
– near all, 99pc of schools use an antivirus solution; and
– 56pc of school leaders and governors felt more informed about the cyber security issues within their schools
The NCSC points to its cyber security for schools website, offering cyber security resources for schools. Not quite half of schools (46pc) questioned in the survey were aware of the NCSC’s free cyber security training for school staff.
As the NCSC said, the covid pandemic and widespread adoption of home schooling from spring 2020 meant schools have become even more reliant on IT-related services for admin, and learning. Schools are now looking at their contingency planning for a cyber breach or attack, with 49pc stating they have appropriate documents in place. There is clearly still a very long way to go, the second, more detailed report concluded; ‘we can hardly talk of widespread preparedness if half of schools have not documented what they would do if they lost access to their systems’.
Two reports that you can freely access outline the threats facing schools, measures that are in place (or not!), how effective they are and how quickly schools have recovered from cyber-incidents; and offer further guidance and analysis, with next steps to strengthen protections across a sector, that’s being increasingly a target, the authorities say.
Just as fire drills help schools avoid chaos in a real emergency, ask yourself what you would do if you found all of your IT systems were suddenly unavailable because of a ransomware attack. Would chaos reign, or would your careful plan (if you could still access it, that is!) be fit for purpose? the report asks.
In a foreword, Sarah Lyons, Deputy Director for Economy & Society at the NCSC, said: “Our schools rely so much on the myriad of data required to run efficiently, including sensitive data on students, parents, governors and staff and yet more work is still to be done to support the cyber security around these essential services. The National Cyber Security Centre has been working with schools and the education sector to provide free tools and guidance to help schools manage their cyber risks effectively and supporting them to keep this valuable information safe.”
Comments
Dr Darren Williams, CEO and founder of anti-ransomware cyber product company Blackfog said: “Our 2022 ransomware report documented 64 publicly reported ransomware attacks against the education sector, representing a massive 48.8pc increase over 2021. This alarming increase saw the education sector move from second place in 2021 to first place in 2022, ranking above both government and healthcare, two of the other most highly targeted sectors.
“While the use of firewalls, Antivirus and 2FA [two factor authentication] may make the schools feel better protected against ransomware, none of these legacy approaches mitigate the risk of data exfiltration. Data held by schools is often sensitive in nature and as such it is very appealing to criminal gangs who rely on it for extortion. With data exfiltration occurring in 89pc of publicised ransomware attacks last year, schools must make an investment in next generation cybersecurity tools that prevent data exfiltration to really stay ahead of cyber criminals.”
And Bernard Montel, EMEA technical director and cybersecurity strategist at Tenable said: “The trend of hyper specialised hacking groups who focus on a particular sector has been determined for a few years now. Vice Society is believed to be a Russian-based group, sometimes referred to as DEV-0832, that has been active since December 2020 and associated with multiple intrusion, exfiltration and extortion attacks targeting education institutions worldwide. The group is known to favour exploitation of PrintNightmare (CVE-2021-34527), a flaw in Microsoft Windows Print Spooler that was disclosed in July of 2021.
“Ransomware groups rarely create the malware themselves, instead relying on developers who refine the ransomware code offering specialised variants to each hacking gang based on the end objective and/or target. The gang then infiltrates the target organisation and deploys the malware, looking to steal files and encrypt data as quickly as possible to avoid detection. With Vice Society, the encryption has been tailored for its robustness and speed, encrypting smaller files in full and parts of larger files with asymmetric and symmetric encryption.
“It’s worrying that such highly confidential and sensitive information was included in these heists. The individuals whose passport details were compromised could be left susceptible to identity theft and similar attacks. For families of SEN children, they could be open to targeted phishing attacks. The list goes on. The frustration is that, once this information is made public, it’s impossible to put the genie back in the bottle.
“The education sector has been in the attackers’ cross-hairs for a number of years now and it’s imperative that those tasked with the security of educational institutions take action to strengthen defences. Ransomware gangs will target known but unpatched vulnerabilities in software, such as PrintNightmare. Finding and updating these systems to the latest software version will prevent most attackers from gaining a toehold needed to infiltrate systems. In tandem, finding and protecting sensitive information has to be a priority.”
