By Mark Scott, CEO at Cantium Business Solutions
The last eighteen months have been particularly challenging for the education sector. It’s clear that the shift to remote learning has left many schools feeling vulnerable and unprepared to protect themselves against cyber criminals. Despite this, there is a lag when it comes to tackling this rapidly emerging challenge. There are many reasons for this, but one challenge I see more often is the challenge of perception. If this problem is not recognised, by leadership, staff and students, then for all intents and purposes, it doesn’t exist. Here is why that needs to change.
Schools are key targets for cyber crime
During times of national crisis, opportunities for cyber attackers are abundant. Confusion and a rapidly changing way of learning contributed to vulnerabilities in a system that was already facing challenges, financial or otherwise.
We recently conducted a survey of over 500 decision-makers in education. It revealed that two-thirds (66 percent) of UK schools surveyed are claiming to have suffered a cyber-attack in the last 18 months. Amidst anecdotal evidence that cyber crime in education has been on the rise for some time, that is concerning. In addition, only 35 percent of our respondents felt strongly that they were well prepared to protect their school against malicious activity in the future.
The statistics match up with what we hear on the grapevine. Naturally, schools are key targets due to the sensitive nature of the data that they hold on students, staff and parents. They are also quite complex as systems, making it difficult to pin down the source of an attack quickly and effectively without the correct measures in place.
Cyber attacks can have a devastating impact, with many schools requiring a significant amount of recovery time to reinstate critical services and secure data at risk. This, as I have seen throughout the past couple of years especially, means that these incidents can garner media attention and attract negative perceptions from parents of children whose data may have been compromised. The effects of an attack extend far beyond the hardware and software that has been breached.
Is cyber crime less of a priority?
We know that those effects, mentioned above, do happen, It has been proven over the past eighteen months that the risk of ignoring such a large-scale issue – is a risk too far. Not only that but recent world events have undoubtedly increased the cyber attack risk level even further. Despite this, we know that a good proportion of schools can’t, or don’t, place cybersecurity as a high priority. For me, that demonstrates that there are barriers to solid cyber protection that need to be overcome. For decision-makers in education, a big part of this is changing perceptions internally. This has to come before you start to advocate for changing long-held practices or purchasing new solutions to bolster your defences.
It’s vital to have all members of staff on board, especially when your challenge is a one of perception. Not only that, but students too have to be educated in how to keep their information safe, especially while at school.
Just this month, eight institutions were awarded by the CyberFirst Schools initiative, led by the National Cyber Security Centre (NCSC), for their work in educating their students in cyber security essentials in the classroom. This shows that the ambition is certainly there for schools in some parts of the country. We need to scale it up to a national level.
The narrative that cyber security is the IT team’s problem must change – we know that many decision-makers feel strongly about the need to protect their institutions’ data, but work needs to be done to win the hearts and minds of wider faculty, extending down to the students they teach. Despite the heightened exposure to cyber attacks, our survey showed that 46 percent of schools believe the cyber threat will not increase further in 2022.
We haven’t seen any evidence that the uptick in cyber attacks is going to fade away any time in the near future. Covid has already placed huge demands on the education sector and having a cyber attack occur, losing access to key files and data, or being unable to teach, is a situation that no one wants. It can’t fall down the priority list.
Future-proofing cyber infrastructure in education
As I look to the future of cyber investment in education, there’s no doubt in my mind that educators should view it as a priority. If the barrier is a barrier of perception, then the work starts there. The longest-enduring changes you can make will be the ones that get everyone on board, not just the changes that make the best financial sense.
As the threat landscape evolves and schools continue to adopt digital technologies, it’s important to invest in cyber security measures, education and expertise that can help protect against malicious activity. Cyber security doesn’t just fall down to the IT department, it’s a mindset and level of awareness that helps to prevent cyber attacks and safeguard staff and pupils.