From education to employment

93% increase in cyberattacks targeting the UK’s education sector

As back-to-school begins, Check Point Research (@_CPResearch_) found the education sector to have the highest volume of cyber attacks for the month of July. Cyber criminals are seeking to capitalize on the short-notice shift back to remote learning driven by the Delta variant, by targeting people of schools, universities and research centers who log-in from home using their personal devices.

  • Global education sector saw a 29% increase in cyber attacks, and an average of 1,739 attacks a week, in July, compared to first half of 2021
  • Top 5 most attacked countries were India, Italy, Israel, Australia and Turkey
  • UK/Ireland/Isle-of-Man region experienced a 142% increase in weekly cyber attacks targeting the education sector; East Asia region marked a 79% increase

Check Point Research (CPR) sees an increase in cyberattacks against the global education sector, as back-to-school season gets underway. During the month of July, the education sector experienced the highest volume of cyber attacks compared to other industry sectors that CPR tracks, with an average of 1,739 cyber attacks documented per organization each week, marking a 29% increase from the first half of 2021.

Most Targeted Countries: India, Italy, Israel, Australia and Turkey

The table below shows the number of weekly cyber attacks in July on the education sectors for India, Italy, Israel and Australia, as well as the percent increases compared to the first half of 2021.



# of Weekly Cyber Attacks in July

% Change from H1




+ 22%




+ 70%




+ 51%




+ 17%

Weekly attacks per organizations by country  (July 2021 compared to first half of 2021)

Tom Kendrick, EMEA security evangelist at Check Point Software:

“Cyber criminals are looking to capitalise on this year’s back-to-school season. We found that the education sector was attacked significantly more compared to other industries in the month of July. Schools, universities and research centres make for attractive targets to cyber criminals because they are often under resourced from a security perspective. The short-notice, on-and-off shift to remote learning exacerbates the security risk. With so many students logging on from their home networks using their personal devices, the current back-to-school season presents a range of new security threats that many aren’t prepared to address. Organisations in the education sector should be proactive in their protection strategies. It’s important to constantly change and strengthen your passwords and use technologies that prevent cyber attacks, such as ransomware.”

Cyber Safety Tips for Academia, Staff and Students

  • Strengthen passwords. Passwords matter – it is a good idea to review and strengthen passwords that you use for logging onto remote resources, such as email or work applications.
  • Be phishing-aware:be wary of clicking on links that look in any way suspicious and only download content from reliable sources that can be verified. Remember that phishing schemes are a form of social engineering so if you receive an email with an unusual request, check the sender’s details carefully to make sure that you are communicating with colleagues, not cyber criminals.
  • Reduce attack surface: A common approach in information security is to reduce the attack surface. For endpoints, you need to take full control of peripherals, applications, network traffic, and your data. You need to encrypt data when it is in motion, at rest, and in use. It is also important to make sure you enforce your corporate policies to achieve endpoint security compliance
  • Use Anti-ransomware. This technology allows you to detect signs of ransomware and uncover running mutations of known and unknown malware families by using behavioral analysis and generic rules
  • Contain and remediate. Contain attacks and control damage by detecting and blocking command and control traffic and prevent the lateral movement of malware by isolating infected machines. You can then remediate and sterilize your environment by restoring encrypted files, quarantining files, kill processes, and sterilizing the full attack chain.

Related Articles