From education to employment

Securing Education: How Resource-Strapped Colleges Can Fight Back Against Cyber-Attacks

Andy Le Grice, Security Practice Lead at ITGL

In this article, Andy Le Grice outlines the challenges that UK colleges currently face in securing their institutions against cyber-attack, and the potential steps they can take to effectively improve their security posture within the tight constraints of the Further Education sector.

It’s no wonder that cyber security is front of mind for much of the Education sector. According to the government’s recently-published Cyber Security Breaches Survey 2023, more than four in five UK colleges have identified breaches or attacks within the last 12 months, with roughly a third reporting such incidents occurring on a weekly basis.

This is clearly an unsustainable situation, and one that’s partially due to the low security posture that colleges have traditionally held. However, as resources and personnel continue to be stretched at many institutions, it’s not a problem with an immediately obvious solution.

Strengthening Cybersecurity in Further Education

As a technology consultancy specialising in the public sector, we at ITGL are very aware of the tight budget constraints that colleges face, and how the continuing global deficit in cyber professionals has resulted in a skills gap across the industry.

To help bolster the security posture of the Further Education sector, we‘re holding a free digital event on 18th May 2023, highlighting the most common and urgent vulnerabilities present in institutions’ defences, as well as demonstrating best practices and proactive steps that colleges can take to better secure their networks and infrastructure, ensuring that their limited resources are managed to receive the best possible return on investment.

Colleges are, by design, very open institutions. On any given day, they will be providing network access to hundreds – or thousands – of students, faculty, guests, and staff. This ease of access is vital for the day-to-day operation of the college, but left unmanaged it can also leave them open to the possibility of attacks that originate from inside their networks.

Network access controls can be implemented across an institution’s networks to directly combat this; users and devices can be authenticated and authorised before they are granted access to the network at any level, ensuring that only trusted users can access more sensitive resources. At the same time, users without the same level of authorisation – such as students and guests – can be filtered onto a more public-facing network designed for such devices.

Posture checks can continuously be made on devices, ensuring that compromised devices are kept off sensitive networks, while improving the security posture of those devices that are connected, by requiring that firewalls are enabled, operating systems and browsers are updated, and endpoint security is active.

The Threat of Phishing in Further Education

While colleges often aren’t seen as high-value targets for complex or sophisticated cyber-attacks, the frequency with which they experience an attempted breach or attack shows that a sufficiently low-security posture can be reason enough for outside threats to act. Phishing is so prevalent in modern life that its presence in Further Education is no surprise – in the previously referenced Cyber Security Breaches Survey, 91% of colleges that had identified breaches or attacks reported that phishing was among the methods used.

The positive side of this news is that, because the vast majority of phishing occurs via email, some basic steps can make a substantial difference in this regard. By utilising best practices when setting up an institution’s email services (such as implementing the DMARC email standard, and the application of threat intelligence and content analysis), the volume of malware and phishing emails that make it to a user’s inbox can be cut drastically. When combined with consistent, clear end-user training and good cyber awareness, the effectiveness of phishing as an attack vector is diminished further.

Of course, we recognise that all of this is of limited use to colleges without the organisational bandwidth to implement these measures. Very few colleges have the capacity to offer dedicated cyber security roles, and the global shortage of experienced cyber professionals means that they would struggle to fill such roles if they did exist.

ITGL Cyber Assist: Support for the Education Sector

Services like ITGL’s Cyber Assist are designed to help bridge the gap between a college’s in-house IT team and the pricier fully managed services on offer. We can help to assess, improve and test college security procedures, and train both staff and students in cyber security awareness.

We encourage anyone interested in hearing more to join us digitally on 18th May. You can book your tickets for the webinar at our event page.

By Andy Le Grice, Security Practice Lead at ITGL

FE News on the go…

Welcome to FE News on the go, the podcast that delivers exclusive articles from the world of further education straight to your ears.

We are experimenting with Artificial Intelligence to make our exclusive articles even more accessible while also automating the process for our team of project managers.

In each episode, our thought leaders and sector influencers will delve into the most pressing issues facing the FE sector, offering their insights and analysis on the latest news, trends, and developments.


Related Articles

Responses