Ransomware and phishing attacks: how do you protect your school from cybercrime?
By Sonia Older
28 September 2021, UK
What does a data security incident mean for the education sector?
It’s reported that organisations across the UK suffer a data security incident every 46 seconds, the chilling result of an exponential rise in security threats. Cybercrime soared because of the global pandemic, which saw rates surge by 667% - the largest increase in phishing, SMSishing and social engineering attacks on record.
The important thing to remember about the cybercrime industry is that nothing is off-limits. No matter how beneficial sectors such as education are within society, they will always be worthy targets for cybercriminals who pay little regard to the consequences of their actions. Schools and higher education settings continue to be high-value targets for criminals, given the level of personal data held and processed each day, making it incredibly important to ensure that you are well equipped to prevent any kind of cyber-attack.
What are the current 2021 cyber security threats affecting the education sector?
Ransomware attack: what is ransomware and how does it work?
Without doubt, the largest threat is a Ransomware attack - a specific type of Malware (malicious software) that encrypts your files and demands a ransom to be paid to regain access. Often the ransom continues to rise and there is no guarantee that all your files will be returned if it is paid.
Education settings are particularly favourable targets as they prove to be less able to stop sophisticated attacks. Over the past 18 months, the rapid switch to remote learning made the education sector more dependent on IT systems than ever before. But the sharp increase in workloads piled the pressure onto IT teams and security became less of a priority in the rush to get pupils online.
In a report carried out earlier this year by reputable cyber security leaders Sophos, the education sector was found to have faced the highest level of ransomware attacks:
- 44% of education organisations were hit by a Ransomware attack, above the cross-sector average of 37%
- Over half (58%) of the education organisations hit by ransomware said the attackers had succeeded in encrypting their data.
- A ransomware attack is only successful for the criminal if the ransom is paid; it's reported that over 35% of education organisations paid to get their data back.
- Sensitive data: educational establishments hold a lot of sensitive PII (personally identifiable information) on pupils and their next-of-kin, such as health records, financial details and contact information. This kind of data is highly valuable in the world of cybercrime as it can be sold for profit and can be used to form highly targeted phishing attacks, equalling higher success rates and profit.
- Financial gain: any organisation that is funded or generates revenue is a worthwhile target for cybercriminals.
- Less secure: typically, cybersecurity is seen as less of a priority in schools due to limited funds and other more important areas of expenditure.
- Outdated IT: technology such as servers and operating systems is typically out of date, and therefore left unpatched and easily accessed by criminals.
- Pupils: sometimes schools or universities are targeted to gain access to the contact information of their pupils. Students - typically those in secondary or further education with their own email accounts or mobile phones - are likely to be more vulnerable to phishing attempts as they are less aware of the risks posed by cyber-attacks.
Removing Ransomware and restoring files is one of the most difficult tasks in cybersecurity today. Though it is wise to ensure you have a number of regular backups, it is not recommended to solely rely upon this to solve the problem. The cost of downtime alone far outweighs the cost to prevent these attacks from happening in the first place.
Spear phishing attack
Phishing emails have evolved. The threat no longer lies with spam or generic scams such as competition prizes and banking emails. Highly targeted phishing emails known as spear phishing attacks are the most popular modern threat. This is where criminals do background research to find compelling details such as familiar names, email addresses and content that is relevant to you as an individual. They then target you with seemingly legitimate phishing emails to either farm sensitive information or gain access to a school’s critical IT systems.
Examples include emails impersonating school governors, perhaps asking you to open or click a link to view important documents, emails from the local education authority announcing a change in policy that could affect your setting, or emails impersonating students and their families.
Students can also be targeted. The Student Loans Company has recently issued a warning to students starting university this month to be on guard for phishing and fraudulent scams, as it prepared to pay over £2 billion in maintenance loans. Fraudsters are known to target students with fake emails and text messages around loan payment dates in an attempt to get them to give over personal details.
Clicking a malicious link or attachment in a phishing email can be all it takes for an attack to be successful. This could initiate the download of Malware or send the victim to a phishing website used to harvest information such as login credentials or finance details.
SMSishing (SMS Phishing)
Similar to phishing emails, SMSishing attacks have exponentially increased over the past 12-24 months. Criminals use text messages as their attack vector to send short but effective messages to individuals, looking to trick them into clicking a malicious link or providing sensitive information. Messaging apps such as WhatsApp are also now being exploited to deliver these types of attacks.
If your staff have work-purpose mobile devices or access to your IT systems via their personal devices (such as email access), this can be a huge risk as falling victim to a personal attack could allow cybercriminals access to your critical files and applications.
If it isn’t a phishing email or text message that you are receiving, it is likely to be a phone call. If you are being targeted, criminals are prepared to go to these lengths to force an employee to divulge information. This method is responsible for some of the largest data breaches in modern history, such as the attack suffered by Twitter in 2020.
Why would a cyber-attack happen on a school?
How do you protect your school from cybercrime?
So, how do you protect your school from cybercrime? Cyber security is more important than ever. A layered approach to cybersecurity is without doubt the best way to build the best possible defence against cybercrime.
- Ensure staff members are regularly trained. Keeping staff vigilant towards the latest threats can sometimes go overlooked. Cyber Security Awareness training provides a unique, fully managed service which raises staff awareness towards targeted cybercrime.
- Vulnerability exposure should be the first consideration in your school’s security strategy. Understand where your current vulnerabilities are with a Vulnerability Assessment and test how robust your cyber security posture is with Penetration Testing.
- Invest in a good email security platform to start filtering out spam and malicious emails. Vipre, Mimecast and ProofPoint are all recommended as high-level solutions.
- Having multiple steps of authentication across your network and applications is a simple and effective way to prevent unwanted attackers from gaining access.
- Use a ‘next-generation’ endpoint solution to prevent devices from executing Malware. This is an essential solution to prevent Ransomware from affecting your school or college.
- Prevention should always be key, though your establishment should also have an incident response plan ready in case the worst happens. Cyber security experts such as Focus Group offer a free incident response to any educational setting that suffers a breach.
- Though the underlying message is that technology can help keep an organisation secure, it is as much the employee’s responsibility to be cyber-aware and vigilant as it is the technological measures you put in place to protect the school from falling victim to an attack.
Get protected from cyber threats
The cyber security experts at Focus Group are happy to help and provide advice on the right technology, training and cyber security services to protect your school, college or university. Give them a call on 0330 024 2007 or book a cyber security consultation.