From education to employment

Cloud Integration: The Answer to the Education Sector’s Cybersecurity Woes?

Stephen Croke

This article assesses the current state of cybersecurity in the education sector, highlighting its vulnerability to cyberattacks. Through case studies, we delve into why cybersecurity expertise in schools is so important and provide recommendations for improvement. 

In an age dominated by digitisation, computer literacy has become an essential skill. Increasingly, educational institutions lead the way, fostering a passion for technology through collaborative learning experiences and adopting innovative teaching methods. Technology has enhanced the education sector in innumerable ways. 

The internet has provided a vast repository of global knowledge and resources, available to students at the touch of a button. Interactive games and simulations can be incorporated into lesson plans to provide a more engaging experience and adaptive learning platforms can be used to tailor content and lesson plans to the needs of individual students. 

The unrelenting march of digitisation, however, also presents challenges. In recent years, the educational sector has become increasingly vulnerable to cyber-attacks. According to a 2022 audit conducted by the National Cyber Security Centre, in fact, over three-quarters of schools have now fallen victim to at least one cybersecurity incident. 

In January, 14 UK schools were hit by cyber-attacks by a notorious hacking group known only as Vice Society. The attack targeted sensitive and confidential information, with an estimated 500GB of data leaked to the public. Since late 2022, Vice Society has been disproportionately targeting the education sector with cyber attacks, according to the FBI. 

Vice Society frequently targets backups and exfiltrate data from compromised systems, pressuring victims to pay both for their data to be decrypted and to avoid then having this data leaked to the public. This tactic is known as double extortion. Hackers targeted both schools and universities across the UK, including London’s prestigious School of Oriental and African Studies (SOAS). 

SEN information, staff contracts, staff pay scales, and, most worryingly, passport scans of all students registered between 2021 and 2022 were all compromised in the attack. Experts suggest that the full impact of the attack will not be known for several years, until the students to whom the passports belong turn 18. If measures are not taken to prevent identity theft before this, passport scans could be sold by cybercriminals for the purpose of identity theft and financial fraud. 

Educational institutions are constantly at risk of attack by cybercriminals. Vulnerable endpoints, combined with limited cybersecurity training and a veritable cornucopia of valuable data assets, make schools and universities an attractive target for hackers. Data breaches, particularly at universities, can also have a significant impact on the wider community. Just last month, a ransomware attack at the University of Manchester compromised the sensitive information of over a million NHS patients. An estimated 250GB of data was accessed during the attack, including that of patients impacted by major trauma and terror attacks, gathered by the university in 2015 for the purpose of research. This data may yet be leaked to the public. 

Why is the education sector particularly vulnerable to cyber-attacks? 

Over the past decade, schools, colleges and universities have adopted digital infrastructure, online learning platforms, student databases and administrative systems at a rapid pace. Unfortunately, the vast majority of educational institutions lack the expert knowledge and dedicated staff to securely implement and maintain this infrastructure. 

Laptops, tablets and smartphones, frequently borrowed by students and connected to numerous public WiFi networks with little thought of associated risks, often lack up-to-date security measures, making them susceptible to exploitation by hackers and cybercriminals. 

Budget constraints exacerbate this issue, with limited funding resulting in a lack of investment in cybersecurity training and infrastructure in many schools, colleges and universities. Weak passwords and improper data handling are rife, making educational institutions extremely susceptible to attack. 

Schools, colleges and universities also stockpile an abundance of sensitive data and private information, collected from students, staff members and, on occasion, the general public. The storage of this data, often in systems lacking sufficient security measures, entices hackers. 

Proper investment in cybersecurity training is critical

Cyber threats are evolving constantly, with criminals using highly sophisticated techniques to exploit vulnerabilities in infrastructure and cybersecurity knowledge. Educational institutions must invest in cybersecurity training, empowering staff members to guard against, recognise and respond to threats effectively. By doing this, schools, colleges and universities can empower their staff to become a critical line of defence against cyber threats and attacks. Investing in cybersecurity training may seem like a daunting prospect, but it will likely lead to cost savings in the long run. 

Security breaches are commonly caused by human error, which includes falling victim to phishing emails, the use of weak passwords and the mishandling of confidential data. With proper cybersecurity training, educational institutions can mitigate human error, reinforcing security protocols and clarifying best practices for the handling of data. 

When a cyberattack occurs, ensuring a swift and measured response is crucial. Responding quickly means that an attack can be identified and isolated, reducing the likelihood of it spreading across the entire network, containing the damage and protecting sensitive data. It can also enable investigators to gather evidence, engage specialised experts, restore services and notify stakeholders. 

Educational institutions are also subject to stringent regulations and guidelines which specify how data must be protected. Cybersecurity training should include reference to these regulations and clearly explain the responsibility of staff members in complying with them.  

Short-term measures to protect educational institutions against attack 

Multi-Factor Authentication (MFA) 

MFA should be enabled for all accounts, from library access and email accounts to student databases. Enabling MFA is a very simple, yet effective, way of guarding against data breaches. Even if passwords are compromised, unauthorised access is thwarted, as users will need to confirm login using a one–time code sent to a mobile device. 

Update software regularly 

All software, which includes apps, antivirus programs and operating systems, should be updated regularly. A record of updates should be made. Updates often include new security patches, designed to combat cyber attacks. 

Make sure to back up critical data 

Regular data backup is crucial. Critical data should be backed up and stored securely offline or in an isolated network. All data should be stored in compliance with relevant GDPR regulations. As we mentioned earlier, cybercriminals often employ double exploitation tactics. Having an up-to-date backup of critical data removes the need to pay a ransom to have the original data decrypted. 

Develop, implement and maintain strong password policies

Although it goes without saying that strong passwords are integral to cybersecurity, they are too often neglected. Make sure to develop, implement and maintain strong password policies. Encourage staff, students and administrators to use strong and unique passwords for their accounts. Passwords should use a combination of lower and uppercase letters, symbols and numbers. Enforce regular password changes. Passwords should not be associated with names. 

Segment networks 

A school’s network should be segmented into different zones. This limits the lateral movement capabilities of cyber attacks, allowing more time to respond to them. Even if one part of the network is compromised by hackers, access will be limited, significantly reducing the overall impact of an attack. 

Use web filtering, and implement user access control 

Web filtering, such as OpenDNS, should be used to block access to known malicious websites. Web filtering services are also useful for blocking inappropriate content. This prevents those less tech-savvy from accessing potentially harmful websites or downloading anything malicious. Implement user access control policies. This limits an individual’s data access to data specifically needed for their role. Only authorised personnel should be given administrative privileges. 

Develop, implement and maintain an incident response plan 

All educational institutions should develop and implement an effective incident response plan, outlining crucial chronological steps to be taken in the event of a cyber attack. An incident response plan should include key responsibilities for staff members, communication procedures, and essential steps for the identification of attack, containment and recovery. Incident response plans should be tested frequently to ensure relevance. 

By Stephen Croke, Head of Business Development at CirrusHQ.

Related Articles