Deryck Mitchelson, Field CISO at Check Point and former NHS Scotland CISO, is warning the UK’s education sector that it is currently facing an average of 1,801 weekly cyberattacks and urges schools and colleges to increase their cybersecurity efforts.
Recently, the ransomware group, Vice Society, attacked multiple schools in the US and UK, including Test Valley, Buntington First School, and Harpenden Academy. The ransomware attacks resulted in confidential data being posted on the Dark Web, putting over 4,500 students at risk.
High profile attacks
This focus on the education sector is not new, with Check Point’s 2022 Mid-Year Report, reporting a 44% increase in cyberattacks against this industry worldwide, when compared to 2021.
British school De Montford also fell victim to a ransomware attack earlier this year
This year there have been high-profile attacks on the Los Angeles Unified School District as well as the Chicago public school system, that exposed four years’ worth of records of nearly 500,000 students and just under 60,000 employees. And before the recent spate of attacks by Vice Society in the UK, British school De Montford also fell victim to a ransomware attack earlier this year. Part of the appeal is the sheer number of personal details. In most companies users tend to only have employees whereas academic institutions don’t just have employees like teachers and lecturers, they also have students.
Personally identifiable information
With so many more people, this makes networks in the sector much bigger, more open, and more difficult to protect. Plus, that also means there is so much personally identifiable information (PII) that can be used for financial gain.
Mitchelson commented: “Academic institutions are currently sitting ducks. Our research team’s monthly threat index has found education to be the most impacted sector for the whole of 2022. It’s clear that cybercriminals are finding these attacks fruitful, and schools and colleges should be preparing for the rate of these attacks to increase even further.”
Multi-factor authentication
This combination of a lack of understanding and ignorance has contributed to the perfect storm"
“Students are not employees, they use their own devices, work from shared flats, and connect to free wi-fi without necessarily thinking about the security risks. This combination of a lack of understanding and ignorance has contributed to the perfect storm, giving hackers free run."
"While Vice Society is clearly on a mission to target more and more schools, it’s critical that action is taken now to prevent it from happening. A ransomware attack should not just be seen as an inconvenience, it could potentially result in a school being closed down, as was the case with Lincoln College that we saw earlier this year.”
“There are technologies than can allow universities, colleges, and schools to be more secure without disrupting student education. By choosing to adopt a prevent-first approach and by integrating best practices such as network segmentation, multi-factor authentication, and endpoint security, academic institutions can begin to fight back against malicious cybercriminals.”