Across the globe, education is a favourite target for cyber attackers. Many look to steal money or identities, while others are drawn to commit tax fraud or alter school records.
In 2018, according to Malwarebytes, education was the top sector for trojan detections and adware, and the second most likely to be hit with ransomware. The trend continued in the first half of 2019.
In June, a report from Endsleigh Insurance Services stated that 61% of UK independent schools had been targeted in the previous five years.
And at university level, while phishing attacks and malware remain the most immediate concerns, nation states looking to steal research increasingly pose a broader long-term threat.
It is against this backdrop that Maxxia, a funder of IT equipment for schools, has created a free guide to developing strategies to counter the main types of cyber-attack.
“Whilst the potential rewards in targeting schools are lower for cyber-criminals, the damage those with malicious intent could cause in terms of denial of access or data compromise, could have significant ramifications,” said Catherine Dawson, marketing director at Maxxia Group.
It is not only the bounty on offer that makes education such a favourite with hackers. There is also the perception – often well-founded – that institutions have limited budgets and resources to safeguard against cyber risks.
Moreover, a multitude of networks, used by an ever-changing roster of students and staff, via a mixture of institution- and self-owned devices, equates to both an awful lot of data and an awful lot of potential security weak spots.
“We appreciate that the nuances of IT equipment specification, equipment funding and the development of robust IT policies are, perhaps, not the highest priorities for schools,” added Dawson.
“In the academic world, it is not unusual to find old systems and software in use, or system users like students and parents that aren’t subject to training regimes and policy compliance.
“In addition, these users might be using their own devices to access systems or manipulate data when they haven’t even been vetted.”
Thus, Maxxia’s guide – which can be downloaded here – offers advice and explanations on everything from bots to attacker psychology, ransomware to phishing.