The Educator Magazine UK May- August 2023 - Magazine - Page 39
symptom, rather than the cause’ will
lead to schools constantly being on
the back-foot.
Create a common culture of
action
The lure for cybercriminals
School IT systems are a goldmine
for cybercriminals; once accessed,
scammers can gain access to a
significant amount of sensitive data
about teachers, staff, students, and
even parents. The main reasons for
this include:
• Low staff levels: as staff are
increasingly stretched thin, schools
often lack the capacity and skills
needed for identifying everyday
cyber risks.
• Lack of funding: funding pressures
can divert resources away from IT
support.
• The ability to use parents as
leverage: if initial attacks on schools
don’t work, cybercriminals can target
the parents. This is a growing problem
in the UK, with six schools reporting
that parents had paid ransomware in
2022.
Identifying how weak spots are being
exploited, and where schools can
shore up their defences, will help
schools understand what intrusions
the threat landscape might have in
store for them, and how to fight back.
Infiltrating schools –
how is it done?
While the prevalence of phishing
attacks is a major issue for schools,
ransomware has also been rising on
the threat agenda. Ransomware
attacks pack a large punch for any
organisation, but when malware
prevents a school from accessing its
systems, operations can be put to a
standstill, and the pupils are the ones
that ultimately suffer.
Research shows that out of the 78%
of schools that experienced a cyber
incident last year, 21% said that this
came in the form of ransomware,
with 18% noting they had trouble
accessing important data and
information during that period.
For instance, Vice Society, a
prominent ransomware gang which
represents a persistent threat to
UK schools, breached the largest
state boarding school in the UK,
Wymondham College.
Prevent, don’t react
From disruption and the subsequent
loss in productivity, to the more
extreme cases of files being held for
ransom, the education sector must
secure networks from cyberthreats –
the stakes are too high to be
unprepared.
Being reactive when it comes to
cybersecurity does not work when
you are up against the likes of these
modern ransomware groups. Many
cybercriminals are acutely aware
of how the current systems that UK
schools use function and will prey
upon schools’ rigidity to change.
Therefore, schools must shift their
focus to finding new ways of getting
ahead of the threat. ‘Treating the
Empowering staff to build
relationships with IT and security
teams is central to tackling this issue.
Users will often be reluctant to alert
support staff of issues in good
time, so creating a welcoming
environment for leaders and
decision makers to communicate
with the team can save schools from
an unnecessary headache.
Identifying end users who are most
likely to click on links or open
phishing emails can go a long way.
One-to-one interaction and training
between IT professionals and staff are
crucial - IT administrators can come
in and detect the patterns of the end
user’s activity that led to that system
being put at risk and rectify any
mistakes. However, school leaders
must also make the end users the
champions of spotting cyber risks,
rather than making them feel as if
they are at fault.
Endpoint security solutions,
controlled data recovery and
ransomware insurance are all
valuable surface-level protection
measures, but the key to locking out
cybercriminals lies in prioritising the
education of staff and incentivising
them to start taking action to
combat attacks themselves.
Schools in the UK were heavily
impacted by intensive and
widespread disruption during the
COVID-19 pandemic, an enemy that
that they did not see coming and
could not prepare for.
Now that schools know of the
incoming threat and have the tools
to fight it off before it finds its way
into our classrooms, it’s crucial that
they take the opportunity – no time
machine required.