Throughout the pandemic, there has been a stark increase in cyber crime activities. Some estimates indicate a 600% increase, some of which has targeted educational establishments in the UK. Hastily adopted remote learning solutions have provided malicious actors with alternative methods for conducting attacks and undermining the confidentiality, integrity and availability of sensitive data.
Although schools are now much better equipped to work remotely, it does increase the chance of a data breach or significant cyber attacks occurring, which could result in an inability to deliver quality teaching to students and the loss of sensitive personal data.
While data and financial loss are the more tangible risks that a school must manage, it is the subsequent reputational damage following cyber attacks that have the biggest impact on your educational establishment, especially if reputation is core to your ability in attracting new students.
Therefore, it is important that remote learning solutions remain adequately protected so they do not present an easy avenue of attack for a malicious actor, and the safety of students that remain at home can be ensured.
The following tactics employed by malicious actors are important to consider.
Ransomware impacts organisations large and small, public and private. For schools, this could be a threat to release the personal data held on pupils and parents unless a ransom is paid. Ransomware could also prevent the school from delivering classes to pupils, or even cause them to lose data concerning the educational achievements and exam results of pupils.
Malicious online actors carrying out ransomware attacks often scan the public internet for specific open ports relating to services which would allow external access if security configurations haven’t been optimised. Commonly exploited services are those used for file sharing or remote access which are likely to be components of your remote learning solution. A recent tactic adopted by ransomware gangs is not only encryption of network devices. If the victim refuses to pay, the attackers release sensitive data publicly, compounding a ransomware-based disruption with a data breach.
Mailbox filters and staff training can mitigate the risks presented by phishing attacks under most circumstances. If a school’s email address was spoofed, a hacker could send an email that looks like it came from the school to parents, children and other third parties. If you do not have the skills in-house to understand and optimise the security tools you have in place, then you should seek external help.
More sophisticated attacks where emails appear to be sent from an organisation’s legitimate address can be successful as they are far harder to spot. Schools at risk of email spoofing do not have the correct email security configurations in place. Organisations using external email security services may mistakenly assume they are protected.
Sub-optimal configurations across the education sector suggest there may be insufficient oversight of cyber security in the organisation or a lack of knowledge and skills to correctly implement the protection that is available.
New software vulnerabilities are regularly identified and the companies responsible for the software, like Microsoft, disclose the vulnerabilities publicly and provide fixes to address them. Organisations that do not implement the fixes in a timely manner will run vulnerable software and cyber criminals use publicly available information to identify when an organisation is running such software. The vulnerabilities can then be exploited to attack an organisation. Schools that have deployed remote learning solutions will have increased their risk of attack with the services, so it is important to have a vulnerability or patch management solution in place to avoid being compromised.
The threat posed by cyber criminals changes frequently, making it difficult for schools to maintain effective cyber security. Cyber risks can be complex, and senior management may not have the technical knowledge necessary to interrogate their IT provider about the organisation’s cyber security and vulnerabilities. Independent verification should be obtained irrespective of the technical capacity of your school’s IT team. This often reveals vulnerabilities that could be exploited by hackers. It also provides schools with reassurance that their cyber security is being effectively managed.
Schools should consider whether IT systems are configured securely and what forms of assurance are available to governors and trustees. Systems supplied by third party suppliers can introduce cyber and information security risks. Schools should have processes in place to identify and assess the risks posed by third party suppliers and a procedure to manage those risks.
If you find yourself with some extra resource and capacity now that troubleshooting home working issues are less frequent, take stock of your public-facing services and assess your current cyber security risk.
Daniel Faram, Senior Security Consultant, Moore ClearComm