Schools set to remain on cyber alert

7 Feb 2023

Schools are braced for a fresh cyber onslaught after a bruising past year, say Kate Miller and Iona Cross.

The New Year began for the UK education sector with a fresh wave of cyber-attacks, this time targeting predominately comprehensive secondary schools. It was widely reported that highly confidential documents from 14 schools had been leaked online by the hackers, including sensitive information relating to children, as well as staff pay scales and contract details.

The nature of the attacks, their depth and intensity, has served as a salutary reminder to all schools that, while 2022 saw the attackers step up a gear, the worst may not be over.

A ransomware gang, with the charming moniker Vice Society, is alleged to be behind recent incidents. It is not the first time the group has targeted educational institutions. While only 18 months old, Vice Society made a name for itself after it reportedly targeted the Los Angeles School District in an attack where it exfiltrated over 500GB of personal and sensitive data, that it later is alleged to have sold on the dark web.

Recent figures from Check Point, a leader in the world of cyber security solutions, note that the education/ research sector was the most attacked industry in the UK in 2022, with organisations within this industry experiencing an average of 2,653 weekly attacks, an increase of 237% compared to 2021.

"When threat actors do infiltrate systems, senior leadership teams can find themselves hard-pressed to deal with the fallout alongside the everyday pressures of running a school and dealing with multiple stakeholders, particularly when the data involved is sensitive information relating to children".

Kate Miller and Iona Cross

In recent years, industry experts have often cited Covid-19 as the cause of this flare-up, blaming the transition to online learning for leaving institutions vulnerable to attacks. However, a recent survey from the National Cyber Security Centre (NCSC) suggested that schools are now much better prepared to manage these incidents, with 100% of schools now using fire wall protection and 74% of schools enabling a 2-step verification for their most important accounts.

Despite these protective measures, it is clear that cyber incidents remain a challenge for educational institutions.  When threat actors do infiltrate systems, senior leadership teams can find themselves hard-pressed to deal with the fallout alongside the everyday pressures of running a school and dealing with multiple stakeholders, particularly when the data involved is sensitive information relating to children.

Recent years suggest the level and sophistication of these attacks will only continue to grow. It is essential therefore that organisations have plans in place to prepare for, respond to and recover from an attack.  People often see cyber incidents as an “IT issue” but the reality is that effective crisis planning involves multiple functions including communications.  DRD has significant expertise working alongside other advisors to ensure companies and institutions are best placed to respond in a way that will ensure the smooth running of the organisation, maintain stakeholder relations and help minimise reputational damage.