Ransomware criminals looking to target particular high-value industries has long been well documented. However, recentreports have shown that the education industry is currently facing the highest amount of ransomware attacks compared to any other industry – including healthcare and financial services.
In other industries targeted by ransomware attacks, the data being held to ransom is of critical value to the ongoing operations of the business. In contrast, with education the value of the ransomed data comes from educator’s responsibility to protect minors from harm. Of course, schools can still provide their syllabus once an attack has occurred, but they are founded on the premise that their students are kept secure. An attack on a school or college is an attack on the personal information of their pupils, and therefore schools have little option but to pay the ransom to continue safeguarding those in their care – a key factor into why they are seeing such high numbers of ransomware issues.
The first step is education
First and foremost, education organisations need to invest in exactly what they do best: educating. While it is extremely difficult to block every form of ransomware from breaching your network, education can be the difference, stopping ransomware before it’s even had a chance to infiltrate a company. This is lecturers, teachers and other staff members are the weakest link in most security plans, the chink in the armour. Cyber criminals understand this and therefore often target unsuspecting staff and students.
Hackers know the environment they are attacking and capitalise on the fact that the majority of people will not ignore an innocent looking email from a fellow lecturer, teacher or student
Hackers know the environment they are attacking and capitalise on the fact that the majority of people will not ignore an innocent looking email from a fellow lecturer, teacher or student. After all, would you ignore an email labelled urgent from your head teacher or a member of the Board of Governors? Probably not.
In order to minimise this risk, schools should provide informative materials and awareness courses on how to spot a phishing email, who to contact when one is received and ultimately how to avoid playing in to the hands of a criminal. This way, if a teacher or other employee does find a suspect email in their inbox, they are equipped to deal with the situation.
Defending against the threat
Due to the ever-evolving nature of ransomware attacks, the issue can never be completely solved exclusively through education. However, there are a number of other steps that an organisation can take to make sure they are protected to the best of their abilities. Here are the five key areas of security that educational bodies should focus their efforts on to protect their staff and students.
Set up technology to defend: Technology can provide organisations with a further layer of protection. Strategies such as only allowing users access to the information on the network they need (permission-based access), only allowing accepted programmes to work in the network (application whitelisting) and not allowing programmes to execute changes even if they make it through the whitelisting process (read-only blanketing) provide several roadblocks for ransomware programmes. Naturally, it is vital to keep this updated and the latest versions of software should be used in order to keep pace with attackers.
Automate to innovate: Many access points into an organisation’s network come from individuals joining and leaving it. Therefore, the on- and off-boarding process should be automated so that these weaknesses are dealt with in an organised fashion – e.g. once staff move on, their network access is automatically removed and the entry point closed. Any applications or downloads need to be closely monitored too, with flexibility still taken into account. Automated provisioning of apps will allow requests for programmes to be monitored and delivered in a safe way without again opening up an entry point into any systems.
Keep security front and centre: Information security can’t simply be ‘dealt with’. Schools, colleges and universities should always assume they are being infiltrated, and therefore should carry out penetration tests regularly. Ethical hackers are a valuable resource for highlighting where weaknesses lie. As an organisation, it is also vital to have plans in place for when an attack hits. These plans must correlate to the different levels of an attack – including a complete lock-out of your data. This will give some direction and structure if your information is ever under siege.
Replicate and hide away data: In many cases, built-in redundancies can make the difference between successfully recovering from an attack or not. Remember, hackers will not always hand back the unencrypted data once they have been paid – and it may be permanently corrupted – so ensuring that a backup is in place can be the difference between having to shut down or not. This isn’t simply a case of having legacy data sitting on a server, but an active and up-to-date backup of staff and student’s workspace for easy recovery of their work.
Prepare for the worst: Data insurance is something that every organisation should arrange – and not just those working in education. As previously mentioned, the cost of an attack can quickly spiral out of hand, so ensuring that this amount won’t permanently damage your learning environment should be of paramount importance.
Face ransomware on the front foot
The bottom line is that the UK education sector must take a proactive stance against the potential threat that ransomware poses. It is an important start to highlight how severe these attacks can be, but ransomware is not a new phenomenon; merely an evolving one. But by understanding their significance, and why they are particularly vulnerable to this style of attack, education across the UK should draw the battle lines now. By educating staff, ensuring IT systems are backed up and that they have the right technologies in place, the UK’s educational authorities can go a long way to minimising the threat of ransomware before it steals their lunch money.
Subscribe to our free fortnightly newsletter and stay ahead with the latest news in edtech