Cyber-attacks in education aren’t new, but amid the sharp increase in remote learning and virtual classrooms in 2020, the sector has endured a ‘record-breaking’ year. The UK Government Department for Digital, Culture, Media and Sport (DCMS) revealed that 41% of primary schools suffered a data breach over a 12-month period. At the same time, 76% of secondary schools and 80% of higher education institutes also suffered at least one data breach.
Schools are an ideal target for today’s hackers; they are a goldmine of personal information that’s rarely protected by the same level of cybersecurity budgets, resources, technology and practices that are available to many private enterprises. Educational institutions also manage sizeable budgets that malicious entities are keen to get their hands on.
Paul Chichester, director of operations at the UK National Cyber Security Centre (NCSC), recently said the targeting of the education sector by cybercriminals is “completely unacceptable”, deeming it a “growing threat”.
The rise of ransomware attacks on education institutes
One of the biggest threats to schools is ransomware attacks, whereby hackers gain access to data, steal it and as the name suggests, demand a ransom to release it. Ransomware attacks during the pandemic have resulted in schools losing financial records, as well as students’ coursework and COVID-19 testing data. In March this year, an attack on multiple schools left 37,000 pupils unable to access their email. The Harris Federation, which runs 50 primary and secondary academies in and around London had to temporarily disable email while it dealt with the attack.
Given this spate of ransomware attacks on schools, the NCSC was also forced to issue a special alert. The Department for Education (DfE) wrote to school leaders stating, “it’s vital that [schools] urgently review existing defences and take the necessary steps to protect your networks from cyber-attacks”.
At the same time, schools, colleges and universities are being forced to collect more information digitally and with new and evolving data protection laws, along with the threat of financial penalties for noncompliance, the pressure is mounting.
A new approach is needed
The problem is that the traditional approach to cybersecurity isn’t working. The ordinary castle and moat method used to keep the cyber criminals out is failing us as hackers will always find a way to get through. Detecting their malicious activities isn’t enough. The truth is, solutions such as signature-based antivirus solutions are reactive and only work on known threats that have already happened. And it doesn’t matter how strong the backup and recovery plans are, in most cases it’s simply too late.
It’s time to do away with all the complicated security hardware and software that only works by looking for the bad stuff – such as malicious code running on your devices – and instead use tools that can detect if something is not authorised and stop it from running. This solution is known as Application Control and with the power of advanced machine learning and AI technology, it provides a zero-tolerance approach to both known and unknown threats. That means, if someone at home, in the classroom or in the office clicks on a malicious link or opens a rogue document that tries to install malware – including ransomware – it will simply not be allowed to run.
It’s the bouncer at the nightclub approach: ‘If you’re not on the list, you are not coming in’. No argument. Simple.
Grant programme for every school
Dr Ngair Teow-Hin, the founder of SecureAge Technology has roots in research and education, and understands the importance of making the best cybersecurity solutions as accessible as possible. So, drawing on the company’s 18+ years of experience protecting governments and large enterprises, SecureAge Technology is offering a grant programme that gives educational institutions access to a safer and more productive environment for online research and learning – all without causing a burden to IT budgets, employees or students.
Any educational institution that signs up for the grant programme gains unlimited access to SecureAPlus Pro, an intuitive AI-powered endpoint protection platform for Windows workstations and servers, at absolutely zero cost and with no time limit.
For more information about the SecureAge Grant Programme and to complete the simple registration process, click the link below.