Cyber criminals are carrying out further ransomware attacks on the UK education sectors, warns the official NCSC (National Cyber Security Centre).
The NCSC’s advice includes steps which to take as part of what the arm of GCHQ calls a ‘defence in depth’ strategy, from installing and enabling anti-virus software to having up-to-date and tested off-line back-ups.
Paul Chichester, Director of Operations at the NCSC, said: “Any targeting of the education sector by cyber criminals is completely unacceptable. This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.
“We are committed to ensuring the UK education sector is resilient against cyber threats, and have published practical resources to help establishments improve their cyber security and response to cyber incidents.”
The NCSC previously reported an increase in ransomware attacks on the UK education sector in August and September 2020.
Comment
Calvin Gan, Senior Manager, Tactical Defense Unit at F-Secure says: “Having a regulatory body issuing an alert or something similar is telling enough that there is still work needed to improve the security posture within the education sector. If institutions are not following the advice, we will start seeing something similar to how the health sector was impacted last year. We never thought that health data could help cyber criminals earn money, but that has happened. The same goes for the education sector. Data that may not seem valuable for monetary gain such as student data or proprietary course materials are now at risk of being held hostage for a ransom.
“Institutions should now heed the call to improve security measures, start implementing better protection methods for any form of data, and start forming and testing response plans in case they are impacted by an attack. Cyber criminals are now very quick and agile in adopting new attack techniques, so educational establishments should not be complacent just because they have followed the mitigation guidelines now. Instead, they should be actively reviewing, monitoring and updating these measures to continuously minimize the attack vector”
