Will the education sector get a break?
Cybersecurity has been dominating the news headlines for a number of years now and there has been a growing shift towards targeting the education sector.
Then the COVID-19 outbreak of 2020 complicated matters by forcing a sudden move to remote learning. Educators and students had to turn to their personal computers and unsecured networks to teach and join online classes.
Many academic institutions have either been slow to respond or have not responded at all to the increased attention by cybercriminals even with increased worldwide media attention.
Why Education Institutions
For Cybercriminals, schools and universities are a perfect target because they are often a source of large amounts of personal information, intellectual property and research data that’s rarely protected by cyber security technology or policies to the same levels as many private enterprises.
According to the Cyber Security Breaches Survey 2020 surveying 108 primary, 72 secondary schools, 8 further education colleges in England and 27 UK universities, further and higher education institutions are the most affected by cyber attacks.
54 percent identified breaches or attacks at least once a week, and 57% reported having had a material outcome from these breaches, such as a loss of money, data and system availability.
Attack Surface
Cybercriminals seem to be shifting from targeting larger organisations in favour of smaller institutions that now have an ever increasing attack surface created by this move to highly mobile and more flexible learning solutions; some of which were scaled up without the usual due diligence. These institutions may be less equipped to deal with hacking or ransomware attempts and the consequences of security breaches can be devastating for schools or universities.
Budget
Smaller institutions tend to spend less on their Security budget so they need to ensure that enough of their IT budget is assigned to cyber security for it to be effective.
With budgets that may be too small and management nervous about spending what little budget they have left, this often leaves the education sector unprotected and a low hanging fruit for criminals.
What is the solution
These tips can help you prepare for and prevent attacks focused on the education sector:
The starting point has to be acknowledging that there is a global problem and accepting that this affects your institution. Cyber security must be an integral part of every education organization’s roadmap.
Then putting in place the right combination of people, processes and technology will allow you to take the necessary steps to better identify and manage your cybersecurity risk. Simply spending your budget on technology won’t help without the correct balance of the right people and processes to back it up.
Create strong cyber security policies and procedures and regularly spread awareness of these and best practises to students and staff to follow including spotting phishing attacks and malicious downloads.
Consider strengthening passwords and implementing 2FA (two-factor authentication) for all online learning platforms.
One of the most effective ways to protect against cyber scammers is training staff to spot phishing attacks and malicious downloads. If it looks fake then it probably is and only follow links from trusted sources.
Advanced threat detection and response provided by an external company replaces the need to build this capability in-house. Depending on your budget and needs, going with a service may be the fastest and most cost-effective way to execute part of a smarter cyber security strategy.
If your organisation needs some advice or support with your people, processes or technology then please get in touch today.