Why is education the new playground for ransomware?
Posted by Daniel Fuller-Smith on 27/08 at 10:00 AM | Education, Security, Web filtering

The year 2020 saw the pandemic affect schools, colleges and universities in a way no one would have thought possible. As lockdown kicked in, students and teachers were sent home and told to set up for remote working. While teachers were trying to meet the curriculum needs, cyber-criminals began increasing their ransomware attacks on school networks to cause major disruption and data loss.

There have been many cases in the news of education establishments being affected by ransomware. The University of Portsmouth had to suspend its IT services for more than 10 days* in April 2021 when an attack was timed to coincide with the start of the summer term. While universities are a high-value target, primary and secondary schools have also been affected by ransomware, with attacks on devices used by a school in London** leaving 30,000 pupils without access to their remote learning platform.

All the ransomware attacks resulted in some form of data loss, while backups and applications were also encrypted. In some cases, the criminals threatened to release sensitive student and teacher information online if the ransom wasn’t paid. This type of double extortion threat has long been an issue for businesses held to ransom, but now the education sector is fast becoming the criminals' playground. Once that data is lost, it can be traded for years on the dark web.

Security experts*** have highlighted the level of research being done by criminals to ensure their attack has the highest potential of success!

Why are criminals targeting schools, colleges and universities?
Universities and schools are using a large number of online platforms to support remote learning, attendance, meal tracking, staff attendance, etc. They are becoming more dependent on a computing infrastructure to support their daily functions, and a well-timed phishing attack can capture a single username and login, which would give the attackers access to any or every one of these platforms.

Universities also hold a vast amount of research data, innovative project information and intellectual property that has been developed by the most aspiring minds. This provides criminals with high-profile targets to infiltrate and hold data for ransom or steal and sell it.

Schools and universities are susceptible to ransomware, malware and phishing attacks, not always because their network isn’t protected, but due to lack of staff training to spot the illicit activity. They are not used to being targets for cyber criminals, but this has changed in the last two years.

They need the right security technology in place and staff may need additional training to identify and report any activity while working on site or at home.

What steps can you take to defend yourself?
One of the first quick steps in your school or university’s defence should be setting up multi-factor authentication (MFA) on all platforms. The simple introduction of MFA can greatly reduce the threat of password theft by using staff members’ mobile phones, personal emails or additional devices as a secondary authentication device.

Investing in a DNS security service, such as Cisco Umbrella, can provide the first line of defence against cyber threats. The school can proactively protect students, staff, and guests so they can safely use the internet, anywhere they go. Cisco Umbrella protects all users by forwarding all traffic through its DNS protection silos. Cisco Umbrella not only scans for compromised websites, but also stops man-in-the-middle and ransomware attacks from happening in the first place.

In addition to the above, Cisco Umbrella also takes advantage of Cisco Talos, a live service staffed by real people that checks for zero-day attacks in real time. These new methods are then added to Cisco Umbrella as a targeted threat so that its users can be protected against them.

While teachers may need to work from home, they should all use a virtual private network (VPN) to log in securely. Using a VPN significantly decreases the threat level: it creates a secure tunnel across the internet between staff devices and the school network, giving staff access to all their applications with a reduced risk.

Ensuring your data is always backed up is key for any educational organisation. You can choose between traditional on-premise or cloud services to safeguard your data, secure it with layers of authentication and rapidly reinstate it in the event of an attack.

During or after an attack, your email system could be compromised and offline, so it’s essential to have an incident communication protocol in place. This could rely on using your telephone system or mobile devices to communicate with the senior leadership team (SLT), teachers and parents, depending on the incident.

As part of the school curriculum, you provide pupils with information on being safe online as part of your safeguarding responsibilities; the same should be done for staff. Additional training on how to identify a phishing email can significantly decrease the risk of a cyber-attack affecting your network and causing disruption to the school.

We have seen schools be reactive to ransomware rather than proactive, and when it happens to them, they rely on central government to either pay for the decryption key or provide them with additional protection to stop it occurring again. In any case, they may have lost numerous days of time with students or, worse still, lost sensitive student and teacher information.

Schools that invest in proactive measures for detection, remediation, backup, and incident response can ensure they safeguard their students both in the classroom and when learning at home.

To find out more about the services we can provide to the education sector please contact me directly or email education@swcomms.co.uk for more information.

* https://www.portsmouth.co.uk/education/university-of-portsmouth-beefs-up-it-security-after-cyber-incident-as-campus-reopens-3207773
** https://www.bbc.co.uk/news/technology-56569873
*** https://www.itpro.co.uk/security/hacking/360395/number-of-hacking-tools-increasing-as-cyber-criminals-become-more-organized

Posted by Daniel Fuller-Smith on 27/08/2021

Daniel is one of our senior account managers, based in our Portchester office, near Portsmouth, covering the south and south east of the UK.

Daniel has had a long relationship with the business: he managed Toshiba’s EMEA division, and when Toshiba exited the comms market in 2016, it engaged with swcomms to help continue to support its base. He joined us shortly afterwards and has since broadened his skills and knowledge to encompass our entire telephony and data portfolio.

In his spare time, Daniel is the manager of a County League U18s team at Upper Beeding FC. Daniel has twice been recognised by Sussex FA in the FA National Awards’ Grassroots Volunteer of the Year category in 2013 and 2016.

Contact: Daniel.Fuller-smith@swcomms.co.uk
