The Rise Of Ransomware: Why IT Teams Should Be Concerned
Further Education (FE) and Higher Education (HE) Colleges are an attractive target for cyber criminals. As of late May/June 2021, the National Cyber Security Centre (NCSC) is investigating yet another increase in ransomware attacks against colleges and universities in the UK. As such, recent research has highlighted that four out of five education providers have experienced a cyber attack at some point in the previous 12 months. In this weeks blog I explore why education has become a prominent victim and how IT teams can react.
Why is Education a target?
In 2020 numerous FE and HE institutions fell victim to cyber attacks. Ten universities were targeted in the Blackbaud attack, and other attacks targeted establishments including Luminate Education Group, Newcastle University, Dundee & Angus College, and Northumbria University.
Targeted ransomware attacks in 2021 for FE providers included; Cambridge Meridian Academies Trust, The Harris Federation and Ely College. In all incidents, the affected education providers experienced some form of disruption ranging from a suspension of Covid-19 testing to a loss in coursework and interruption to teaching environments.
Education institutions are a key target for cyber criminals due to their IT networks holding the personal information of thousands of students, staff and donors as well as a significant library of intellectual property. This data makes rich pickings for cyber criminals wanting to make money or steal proprietary information on behalf of rival organisations or foreign powers.
Threat actors also know that FE and HE providers wouldn’t be able to operate without IT. It’s vital for attendance, coursework, lectures, libraries, research and finance, not to mention email and internet access. Denying access to these services can and will bring an institution to a standstill and threat actors hope they will pay a large sum to bring IT services back online.
Who is impacted?
Teaching – When an attack strikes, the inability to access documents and online teaching platforms brings teaching to a standstill. Lost data may include coursework and reports, and examination registration or funding deadlines may be missed. This increases stress levels and impacts on mental health.
Students – The inability to access online lectures and files, and to meet grant application and assignment deadlines, causes significant distress. 65% of students say they would be less likely to apply to an establishment with a reputation for poor cyber security*. The financial future of education providers is gravely at risk. (Impact on future careers)
Operations – A cyber attack’s impact can be far reaching. Numerous systems including finance, payroll, access controls, CCTV, and catering can be disabled, leading to the immediate halt in ‘business as usual’.
How are Education providers being infiltrated?
FE and HE institutions face unique challenges in securing their IT networks. Many FE and HE institutions have thousands of users routinely logging onto the network from campus and personal devices. This is further complicated by significant yearly user churn as students graduate and new ones start. Additionally, with Covid-19 in full force, traditional network perimeters have been extended to home working environments making it very difficult for IT teams to control their IT infrastructure.
Further to this, FE and HE providers also rely on suppliers for a range of services. This often requires sharing IT access and data. However, this also opens FE and HE providers to attack via these partners. In 2020, several high-profile institutions had large amounts of data stolen via Blackbaud, a third party software supplier.
How IT Teams can react
The Department for Education wrote to school leaders earlier this year stating it is “vital that you urgently review your existing defences and take the necessary steps to protect your networks from cyber attacks”. As such, IT teams should be continuously monitoring their IT environment and looking for new ways to enhance their information security profile.
At KryptoKloud we believe FE and HE providers need to first get the basics right if they are to protect themselves effectively.
The first step in protecting education institutions IT infrastructure is to understand the threats. Cyber security audits are a valuable tool for education institutions that have yet to identify external risks, the vulnerabilities, their threat exposure rating or simply lack sufficient information to continently assess their specific risks.
KryptoKloud’s bespoke and affordable cyber resilience audit; COBRA possesses the capabilities to identify and assess education providers vulnerabilities and risks, and provides IT teams with a comprehensive report highlighting potential weaknesses, a risk rating and remediation plan to protect your business from cyber threats and attacks.