Under Siege: Ransomware and Further Education in the UK

This article will outline the statistics and convey the current state of ransomware in further education in the UK. It will advocate for robust cybersecurity measures in the sector through a collective approach, involving government agencies, cybersecurity experts, and the institutions themselves.

Chaos, confusion, and exposure of personal information are three things that college and university students and staff would not normally associate with their day-to-day, and nor should they. Unfortunately, a worrying trend of ransomware attacks on the UK’s education sector has encroached upon the safety of our further education system, ushering in a new age of security consciousness in education.

The UK has endured a 103% increase in known attacks in the last year, and education is one of the country’s most attacked sectors.

Mitigating this unwanted rise in attacks is by no means an overnight fix. Careful planning, behavioural changes and consistent education in best practice are required to stem the tide. Fortunately, ransomware protection and cybersecurity awareness in the education sector are evolving, and work to implement preventative measures and strategies is well underway. Collaboration between cybersecurity professionals, government agencies and education boards will help further education fight back against cybercriminals.

The state of ransomware in education

As it stands, colleges and universities are at a higher risk of encountering breaches and cyberattacks compared to primary and secondary schools. Educational institutions are susceptible to a broader spectrum of attack methodologies, including impersonation, malware infections, and denial of service incidents. In 2023 alone, 82% of colleges and 85% of higher education institutions identified breaches or attacks on their IT systems, which stands in stark contrast to the wider business community, where only 32% of UK businesses reported similar incidents. With this disparity in mind, there is growing concern about the cybersecurity measures currently in place at universities and colleges, highlighting an urgent need for enhanced protective strategies to safeguard sensitive information.

Most notably, a sophisticated attack via a phishing email gave attackers access to over one million NHS patient records. Phishing attacks like these and inadequate cyber awareness among users have been identified as major causes of security breaches. Attackers often use malicious links to access users’ accounts and subsequently compromise the institution’s network.

Between June 2022 and May 2023, the UK experienced 28 documented cyberattacks, trailing behind other affected nations such as Canada, Germany and Brazil. However, when it comes to the education sector, the UK was significantly more impacted than other countries. Fifteen percent of the cyberattacks in the UK were aimed at educational institutions, a stark contrast to the lower percentages seen in France (3%), Germany (4%), and even the United States (8%).

Why further education?

Educational institutions are repositories of valuable information such as teacher records and financial data. Insufficient security, limited budgets and resources, and a hotbed of sensitive information make them a prime target for online adversaries.

The shift to remote learning during the pandemic has also exacerbated the level of threat, exposing new vulnerabilities in security infrastructure. Lack of preparedness for remote operations led to numerous attacks.

Who’s behind the mask?

One internationally prolific gang was responsible for almost half of attacks between 2022 and 2023. It specialises in attacking education, with almost half of its reported activity (43%) directed at the sector. The onslaught of attacks creates a significant mismatch between lone, overworked IT staff in higher education and experienced ransomware perpetrators.

The repercussions of these attacks are substantial, with institutions suffering significant financial losses and operational disruption. For instance, affected universities can experience loss of access to vital resources and systems. But the impact doesn’t stop there. Last year, for example, hackers employed broad search terms to steal documents as part of their targeting. A folder labelled “passports” was found to hold scans of passports for both students and parents involved in school trips dating back to 2011. Additionally, a folder designated “confidential” included information on the headmaster’s salary and details of students receiving bursary funds.

Closing the awareness gap

Many institutions are taking proactive steps to enhance their cybersecurity posture, with close to 75% of higher education institutions hiring personnel specifically for cybersecurity positions. This is a positive step in the right direction, but wider support from the cybersecurity industry and government is required. There is a critical need to broaden the perspective on cybersecurity within the education sector. A more proactive and collaborative approach between government bodies, educational institutions, and relevant stakeholders is essential. While there are multiple schemes in place to achieve this outcome, a more conjoined approach is missing.

First and foremost, it’s imperative for the relevant parties (government officials, school leaders, IT staff, and policymakers) to fully acknowledge, together, the extent and severity of cybersecurity threats facing the education sector. Despite the increasing frequency and sophistication of attacks, there remains a gap in awareness and preparedness across the board, which not only makes institutions more susceptible to cyber-attacks but also hampers effective response and recovery efforts.

National and local government bodies must take the lead in elevating the importance of cybersecurity within the education sector. The best approach to doing so involves not only providing funding and resources to implement the right measures, but also setting clear guidelines, policies, and standards tailored to the unique needs and challenges of educational institutions.

Relief amidst the chaos

Integrating cybersecurity education into the curriculum for both students and staff can help to create a culture of cyber awareness. Key tactics might include regular training sessions, workshops, and simulations that prepare all members of an institution to recognise, respond to, and report potential cyber threats.

Companies like Malwarebytes can play a consultative role here, conducting thorough risk assessments, developing and implementing tailored cybersecurity strategies to prevent ransomware, and ensuring compliance with legal and regulatory requirements. What’s more, these firms play a key role in deploying and optimising technology defences, conducting staff and student training sessions to raise awareness about cyber threats, and establishing robust incident response plans. Continuously monitoring for threats and conducting regular security audits ensures that security measures evolve in line with emerging risks.

Establishing collaborative networks and partnerships among educational institutions, cybersecurity agencies, law enforcement, and private sector experts can facilitate the sharing of threat intelligence, best practices, and resources. Such networks can also support smaller institutions that may lack the resources to fully implement robust cybersecurity measures on their own.

The UK’s NCSC provides a wealth of resources, guidance, and tools for educational organisations to improve their cybersecurity posture. Their advice ranges from basic to advanced cybersecurity measures and is a primary source for understanding how to protect against cyber threats in the UK. The Cyber Essentials Scheme, another government-backed, industry-supported scheme, helps organisations protect themselves against common online threats. It offers a clear set of controls that organisations can implement to achieve a basic level of cybersecurity.

The call to action is clear: it’s time for relevant stakeholders to step up, acknowledge the extent of the cybersecurity challenges facing the education sector, and take action to implement robust strategies in response. By fostering collaboration across government, education, and private sectors, we can fortify our defences, close the awareness gap, and secure our educational institutions against what is an evolving and dangerous threat landscape.

By Mark Stockley, Senior Threat Researcher at Malwarebytes
