In September, the UK government’s NCSC (National Cyber Security Centre), part of GCHQ, issued an alert to the academic sector following a series of online attacks against schools, colleges and universities. The attacks coincided with the return of pupils and students and prompted the NCSC to urge immediate steps to mitigate the risks and deal with possible breaches.
Many of the incidents reported were ransomware attacks, typically involving the encryption of data by cyber criminals, who then demand money in exchange for its recovery. By targeting important and sensitive data, institutions that have been infected by the ransomware have seen their ability to operate effectively significantly obstructed and risked fines for breaching GDPR.
This latest spate of reports reflects a general increase in attacks targeting education in recent years, primarily for financial gain and data theft. According to the Cyber Security Breaches Survey 2020, 41% of primary schools, 76% of secondary schools and 80% of further/higher education facilities have identified breaches or attacks in the last 12 months.
While schools, colleges and universities have been returning to on-site teaching, the COVID-19 pandemic has driven the move to remote learning. This has extended the traditional network perimeter to connect thousands of remote devices not under the control of the IT department. This has radically changed the threat landscape for education and presents new challenges for IT managers facing the unknown.
Education is a more challenging environment to protect than most businesses, largely because of the diverse user base and wide range of personal and unmanaged devices connecting to the network. These devices may also be shared with other family members, so if they are compromised, or already infected with malware and reconnected into the school environment, this could lead to a cyber incident or potential breach.
Humans – both young and old – are often the weakest link and pose one of the biggest threats to a security system, whether through error or something more sinister. That’s why security awareness and education must be at the heart of any cybersecurity prevention policy – educating the educators, as well as pupils and students.
Defence in depth
When it comes to technology defences, a layered approach to cybersecurity is vital. While every network needs a strong network firewall, they also need a full arsenal of scanning engines to provide visibility, threat intelligence and protection against spyware and viruses, malicious apps, data leakage and unknown zero-day threats.
Then there is the problem of stolen or weak passwords; as we all struggle with remembering a multitude of long, complex and secure passwords, the use of multi-factor authentication (MFA) is compelling. MFA is a security system that requires more than one method of authentication to verify the user’s identity for login.
A popular approach is a one-time-password sent to a mobile phone, for example. And with so many students and pupils connecting to the main network remotely, it’s also vital to protect each end-user device. Utilising tools to prevent attempts to connect to malicious websites through phishing attacks, as well as preventing access to inappropriate content, is key.
As well as being a vital tool for study, we often don’t think twice about connecting to an unsecured wifi network to check emails and social media. But it’s all too easy for hackers to compromise wifi and set up their own rogue hotspots that look genuine. That’s why schools, colleges and universities need to provide a Trusted Wireless Environment (TWE) that’s fast, easy to manage and, most importantly, secure.
The bottom line is there is no silver bullet when it comes to defeating cybercrime. The best way to combat the growing threat landscape is through education and by implementing a layered security approach.