Newly released data from the Scottish Qualifications Authority (SQA) helps illustrate just how frequently the education sector is under attack from would-be cyber criminals.
According to figures revealed following a freedom of information request by the Parliament Street think tank, the SQA was hit by a total of 862,617 malicious emails between December 2020 and February 2021.
In March, the National Cyber Security Centre (NCSC) issued a sector-wide alert following a spike in the targeting of education establishments.
While the vast majority of the attacks comprised spam emails, the awards body also recorded 22,291 cases of phishing (emails encouraging users to open malicious files or links) and 129 malware attacks.
“Ransomware attacks are disproportionately targeting education institutions in this current climate”– Chris Ross, Barracuda Networks
The NCSC is recommending that organisations take all possible steps to follow its guidance on how to defend organisations against malware or ransomware attacks.
In brief, these measures include:
- Drawing up an incident response plan, which includes a scenario for a ransomware attack
- Having up-to-date and tested offline backups
- Effective vulnerability management and patching procedures
- Installation of antivirus software
- Implementing mechanisms to prevent phishing attacks
Experts say that, in the rush to get pupils online during the various rounds of pandemic-enforced school closures, cybersecurity often became less of a priority and left education institutions unusually vulnerable.
“Attackers look to target sensitive data such as payment information, email addresses and personal details like names and contact details to sell for money on the black market, or use in future scam attempts,” said Chris Ross, of cybersecurity providers, Barracuda Networks.
“Ransomware attacks are also disproportionately targeting education institutions in this current climate, as scammers attempt to steal or restrict access to invaluable course work or projects, which they offer to return for a fee.
“Schools, universities and other organisations in the education sector must combat the threat posed by phishing attacks by investing in email security that leverages artificial intelligence, as well as training for employees, staff and students.
Both Ross and the NCSC say that properly backed-up systems are also vital, allowing lost or stolen data to be safely retrieved without recourse to ransom payment.