With remote learning here to stay, educational institutions need to rethink their cyber-strategy, says Mark Belgrove, Head of Cyber Consultancy at cloud and cyber company Exponential-e.
Recently, the government’s National Cyber Security Centre issued an alert raising concern around spikes in ransomware attacks affecting schools. The news of a dozen schools with nearly 40,000 pupils suffering from cyber-attacks is not an isolated incident. The various scandals happening across the education sector serve as a stark wake-up call, and a reminder that the sector will continue to be targeted by a variety of new malicious actors, much like other key sectors.
The scale of this threat should not be news to those working in the industry, however. A previous study of cyber security breaches in the sector revealed that an alarming 59 per cent of UK school and education institutions reported a security breach or attack in the preceding 12 months, compared to 46pc of businesses. In higher education alone, 57pc of institutions identified attacks or breaches at least once a week, demonstrating the volume and consistency of the threats posed to all levels of education.
In light of this landscape, it has never been more important for the education sector to make cyber security a priority when it comes to safeguarding students.
How are cybersecurity challenges evolving?
Despite 98pc of schools using antivirus software, and 99pc using some form of firewall protection, attacks on education systems are continuing to prove successful and are becoming highly sophisticated. The most common attack method remains phishing. The tactic has proved fruitful for many years, but relies on attackers constantly updating the false ‘hooks’ they use to dupe unsuspecting victims. One of the most common examples in the last 12 months has involved cybercriminals sending malicious links designed to look like those from popular video apps used for remote learning.
As well as old attack types evolving, new methods have emerged that take advantage of the novelty of video conferencing systems. One example is “Zoom bombing”, whereby an uninvited user accesses a video call or online class. This may seem harmless, but poses a serious threat to everyone’s privacy and runs the risk of students being exposed to inappropriate materials.
How can we secure online learning?
Educational institutions must adopt a robust cyber security strategy that not only acknowledges traditional threats, but also addresses new approaches that cyber criminals are leveraging.
Recent school closures to accommodate the UK’s third lockdown have prompted encouraging developments to improve the sector’s security posture. The Department of Education (DfE), for example, recently published a guide to cybersecurity best practice for remote learning, and is now liaising directly with the NCSC and education institutions to share advice on avoiding cyberattacks and how to mitigate the consequences when they do occur. The DfE has also mandated that it will implement a formal plan for secure remote learning by September 2021. But in the meantime, education institutions must ensure students, as well as staff, are kept secure when working and learning from home.
As a first port of call, IT teams across all levels of education can and should be implementing standard solutions to mitigate risks, such as securing VPNs and establishing a strong firewall and internet gateways to protect IT networks from attack, unauthorised access, and malicious content.
However, more can be done to negate a significant portion of the attacks we are seeing in today’s advanced cyber landscape. For example, education institutions should mandate basic cybersecurity awareness and training for all staff and students to raise awareness of good cybersecurity practices. This approach to mitigating cyber risks can also be useful for alleviating challenges caused by a lack of funding and other budgetary considerations.
For those specifically tasked with ensuring IT security, solutions that secure and validate the identity of all their network users should be a priority. Identity access management, for instance, implements strong authentication and digital identification techniques to enable secure access and interactions for all staff and students.
Looking ahead – how online learning will become the new norm
The events of 2020 finally prompted a belated realisation of just how important cybersecurity is. Remote learning has already proved indispensable during lockdown, and is a powerful foundation for new channels of education.
These innovations augur well for the future, but with every innovation comes an extended and more complex threat landscape. Many technology partners possess the expertise in hands-on security monitoring, cutting-edge threat intelligence, and secure, compliant hosting of sensitive data, to help education institutions adopt a robust approach to security that is tailored to the systems, tools and materials being used by pupils and staff.
Looking back on the last 12 months, we should be proud of the rapid advancements in online education we’ve seen. And as we continue to adapt and deploy new technologies that support effective home learning, it’s critical that we continue to raise the awareness of students and staff around cybersecurity threats, so we can deliver a safe and secure cyber future for all those learning.