Schools and colleges have lost financial records, students’ coursework and Covid-19 testing data during a recent “spike” in cyber attacks targeting the education sector.
The National Cyber Security Centre (NCSC), part of GCHQ, yesterday published an alert warning colleges and other education settings to take further precautions to protect themselves against ransomware following “an increased number” of attacks since late February.
It comes a week after South and City College Birmingham, which teaches 13,000 students, was forced to shut its eight campuses following a “major” ransomware attack that disabled its core IT systems.
Cyber attacks a ‘growing threat’
Paul Chichester, director of operations at NCSC, said the targeting of the education sector by cyber criminals is “completely unacceptable” but is a “growing threat”.
Ransomware is a type of malware that prevents you from accessing your systems or the data held on them, the NCSC explains.
The data is usually encrypted and may be deleted or stolen. Following the initial attack those responsible will “usually send a ransom note demanding payment to recover the data”. Payment is usually requested in the form of crypto currency.
The criminals also threaten to release sensitive data stolen during the attack if the ransom is not paid.
The NCSC added: “In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to Covid-19 testing.”
The cyber security experts said the attacks can have a “devastating impact on organisations” and may require a significant amount of recovery time to reinstate critical services.
Eighty per cent of further/higher education institutions identified a cyber security breach or attack in the 12 months prior to the end of 2019, according to the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2020.
There has been a rise in attacks since late February 2021 “when establishments were preparing to welcome students back to the classroom”, the NCSC said.
The security centre added it could not release exact figures for the number of attacks conducted due to operational reasons.
However, it stated the attacks have caused varying levels of disruption and “there is no reason to suspect the same criminal actor has been behind each attack”.
So what can colleges do?
The NCSC recommends education providers to not encourage, endorse or condone the payment of ransom demands.
It warned the “payment of ransoms has no guarantee of restoring access or services and will likely result in repeat incidents to educational settings”.
The NCSC recommends a ‘defence in depth’ strategy in order to defend against malware and ransomware attacks.
The advice includes effective vulnerability management, installing antivirus software and implementing mechanisms to prevent phishing attacks.