Proactive not reactive: adjusting the approach to cybercrime in education

The education sector has become one of the most heavily targeted industries for cybercrime in the UK over the last year. The threat profile in the sector has changed dramatically since the move towards remote learning with the number of attacks rising year on year.

The start of the new school year was no exception – as students returned in September, there was a dramatic surge in cyberattacks against education providers. Schools in Suffolk, Hertfordshire and London fell victim to breaches that took them offline for multiple days and affected thousands of children.

The incidences of attacks on education providers have been so high that the Department for Culture, Media and Sport has advised that education providers are more likely to fall victim to a cyber breach than the average UK business this year.

Over the last 12 months, 63% of senior schools identified an attack of some kind with 61% of institutions experiencing a negative outcome like a loss of money or data.

In 2021 individual education institutions were estimated to have experienced an average of 1,739 cyber-attacks every week. In 2022 this number rose to a weekly average of 2,653 attacks. Chris Cope, cybersecurity expert and Director of OX IT Solutions insists this worrying trend is only set to continue for the rest of 2023.

“As it has in many other industries, the cyber threat risk has risen dramatically in the education sector,” said Mr Cope. “With a shift towards virtual classrooms and an increased reliance on technology, the industry has become an obvious target for cybercriminals.

“The numbers of phishing scams, malware attacks, distributed denial of service attempts and data breaches are rising at an alarming rate.

“Schools need to be proactive in their approach to cybersecurity not reactive. Stopping a cybercriminal in their tracks and preventing an attack is far easier than picking up the pieces after one.”

From the personal data of students and staff to financial information and research, the volume of sensitive information at stake has encouraged threat actors to turn to the education industry as a desirable target.

Technological advancements and a reliance on remote learning have widened the attack surface for cybercriminals. With both students and staff relying on unsecured remote access, institutions across the country have opened themselves up to new levels of cyber threats.

Mr Cope explained:

“Cyber-attacks can cause long-term reputational damage and have a detrimental effect on students’ learning outcomes. To minimise disruption for students it’s crucial all schools and education providers implement robust cybersecurity defences to help reduce the risk of a breach.

“All schools at a minimum should be following basic cyber security hygiene principles. This includes strict password management controls, multi-factor authentication and basic staff training. Upgrading firewalls and securing endpoints are also vital steps in mitigating the risk of a breach.

“The government backed Cyber Essentials certification scheme is a good place to start for most schools and colleges. Cyber Essentials protects you against 80% of common cyber attacks and offers peace of mind that your data and assets are well-protected.”

OX IT Solutions specialises in providing network, infrastructure and cyber security solutions. It works with schools, local authorities, major blue-chip companies and SMEs. Its clients include Sandwell College, ASSET Education and Cokethorpe School.