Education sector needs to wise up to more cyberattacks

With over 1,800 cyberattacks a week Check Point urges UK education sector to do more

Deryck Mitchelson, field chief information security officer (CISO) at Check Point Software Technologies, is warning the UK’s education sector that it is currently facing around 1,800 weekly cyberattacks and urges schools and colleges to increase cybersecurity efforts.

Recently, ransomware group, Vice Society, attacked multiple schools in the US and UK, including Test Valley, Buntington First School and Harpenden Academy. The ransomware attacks resulted in confidential data being posted on the dark web, putting over 4,500 students at risk.

This focus on the education sector is not new, with Check Point’s 2022 Mid-Year Report, reporting a 44% increase in cyberattacks against this industry worldwide, when compared to 2021.

‘Our research team’s monthly threat index has found education to be the most impacted sector for the whole of 2022.’_ Deryck Mitchelson, Check Point

This year there have been high profile attacks on the Los Angeles Unified School District as well as the Chicago public school system, that exposed four years’ worth of records of nearly 500,000 students and just under 60,000 employees.

And before the recent spate of attacks by Vice Society in the UK, British school De Montford also fell victim to a ransomware attack earlier this year.

Part of the appeal is the sheer number of personal details. In most companies you tend to only have employees whereas academic institutions don’t just have employees like teachers and lecturers, they also have students. With so many more people, this makes networks in the sector much bigger, more open, and more difficult to protect. Plus, that also means there is so much personally identifiable information (PII) that can be used for financial gain.

‘…there is so much personally identifiable information (PII) that can be used for financial gain’ _ Deryck Mitchelson

Mitchelson commented: “Academic institutions are currently sitting ducks. Our research team’s monthly threat index has found education to be the most impacted sector for the whole of 2022. It’s clear that cybercriminals are finding these attacks fruitful, and schools and colleges should be preparing for the rate of these attacks to increase even further.

“Students are not employees, they use their own devices, work from shared flats, and connect to free wi-fi without necessarily thinking about the security risks. This combination of a lack of understanding and ignorance has contributed to the perfect storm, giving hackers free run.

“While Vice Society is clearly on a mission to target more and more schools, it’s critical that action is taken now to prevent it from happening. A ransomware attack should not just be seen as an inconvenience, it could potentially result in a school being closed down, as was the case with Lincoln College that we saw earlier this year.”

“There are technologies than can allow universities, colleges, and schools to be more secure without disrupting student education. By choosing to adopt a prevent-first approach and by integrating best practices such as network segmentation, multi-factor authentication and endpoint security, academic institutions can begin to fight back against malicious cybercriminals.”*


You might also be interested in: Education sector most at risk of cyberattack

Leave a Reply

How do we reframe assessment? Using technology for formative feedback

Join this webinar and hear from key industry leaders on the principles of good assessment and feedback and the power video offers.

How to secure MATs against cyber attacks

Download the Sophos FREE guide today