CapNet

View Original

Education - Worst hit by the increase in cyber-attacks

Pupil learning remotely on laptop with teacher

Cybercrime has always been a growing threat across education. However, the recent pandemic has made targeting schools easier than ever. Education has been hit the hardest by the increase in cyber-attacks in comparison to UK businesses due to the lack of security in their IT infrastructures.

It has already been an incredibly tough year for teachers, students, and parents. The beginning of the pandemic caused a lot of worries because students were left unable to attend school, college, or university. This left many wondering how they were going to continue teaching and learning.

However, everyone within the education sector worked amazingly by using the likes of Zoom or Teams Meetings to create online classrooms. Despite how difficult this must have been for all involved, everyone worked together and patiently adapted to the ‘new normal way of teaching.

Remote learning allowed teachers to continue their lessons, communicate with their students, and hold parent/teacher meetings.

This also meant that everyone could keep some form of routine in their life as everyone attended remote lessons during school hours, continued to complete assignments/homework, and interacted with other students in their online classroom.

However, one aspect that was significantly lacking for all industries working remotely was the need for tougher cyber security procedures. Just like an office setting; schools, colleges, and universities will have a set of cyber security guidelines in place to prevent a potential cyber-attack.

But, many students and teachers use personal laptops rather than the usual secure, school devices, and a lack of anti-virus or up-to-date software may have increased the chances of a cybercriminal succeeding in their attack. Other potential causes for the increase include using a public VPN, not creating safe passwords, and not learning about the different security threats and how to spot them.

According to the Sophos State of Ransomware in Education 2021 report, the education sector was the hardest hit industry by ransomware in 2020. They also found that ‘three-quarters of ransomware attacks resulted in the data being encrypted. 51% of organisations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.’ These figures are astonishing.

Another interesting finding was that any company that did pay the ransom ended up paying double the amount that was being asked of them. The report suggests ‘even if you pay the ransom, you still need to do a lot of work to restore the data… if you pay the ransom, you’ve still got another big cost on top.’ This shows that everyone needs to ensure they have the right backup systems in place so you can get back up and running rather than simply giving in to cybercriminals’ demands.

These attacks can have some extremely devastating effects on the education sector. At CapNet, we’ve outlined just a few of these impacts to show how education has been hit the hardest by the increase in cyber-attacks in the past year.

 

1. The cyber-attacks have put a lot of personal data at risk:

Education has been hit hardest by the increase in cyber-attacks because they risk losing a lot of important data if they don’t have any backup systems in place. It isn’t surprising that data is massively impacted in the instance of a cyber-attack. The education sector holds a high amount of data including student data, staff data, and parent data.

Not only do schools hold data of current students, but they usually keep records of previous students’ data as well.

Cybercriminals make their money from stealing or encrypting data and demanding ridiculous amounts from schools to have it back, or they may potentially sell it to third parties on the dark web. With all this data being stored it’s like a huge gold mine for cybercriminals if their attack is successful.

Stolen data will cause a lot of distress for students, staff, and parents. This is because the data will include the likes of bank details, medical records, and home addresses. Private information isn’t something anyone would want a random person to know about them. It’s terrifying to think that someone would want to take your private information to blackmail others and sell it.

Many schools have had to close due to data being encrypted or stolen. This is just another reason why education has been hit the hardest by cyber-attacks. If important information is taken or damaged, it also becomes a safeguarding issue for schools as they are unable to contact parents.

Schools that have become victims of data loss have had to ask parents to resubmit information such as contact details and their children’s medical records. However, a successful cyber-attack might cause parents to lose faith in the security surrounding their personal information.

Not only is the risk of losing personal, sensitive data high, but students can risk having their coursework destroyed. Schools in Bedfordshire recently came under attack which resulted in the student’s coursework being destroyed. Not only did the school have to spend time contacting the school board but this may have caused a lot of distress for the students.

Many people will remember having to complete numerous assignments in year 11. All these assignments will determine the next stages in students’ education or work. On top of this, students are having to revise for exams. They commit a lot of time to complete these assignments so that they can achieve the grade they need. So, we can only imagine how stressful it is for them if a cybercriminal destroys this.

Cybercriminals don’t care about the stress they put on other people. They only care about causing havoc and making money from other people’s hard work. Therefore, schools need to have everything in place to stop this from happening.

2. They will have suffered financial loss:

As discussed before, cybercriminals can demand ridiculous amounts of money for the education sector to have their data back.

Ransomware attacks have cost UK businesses a ridiculous amount over the years. However, the education sector needs all the money it can get to support every student. Financial loss due to a cyber-attack is another reason why education has been hit the hardest due to the increase in cyber-attacks.

Typically, most victims will negotiate a lower amount than the attackers are asking for. However, it may still land in the millions. It hasn’t been reported exactly how many individual schools have had to pay out when faced with a ransomware attack but based on the millions they’ve demanded from UK businesses, we can only imagine the amount cybercriminals have asked for.

The education sector is always striving hard to get funding to support staff and students. Funding can go towards the likes of…

  • Technology such as laptops for students and teachers.

  • School trips.

  • Equipment such as notebooks, pens, rulers etc.

  • Vital equipment and resources for students with learning disabilities.

There are many more reasons why the education sector needs this money but it’s going straight into the hands of cybercriminals.

Most victims will pay the ransom for the fear that their data will get leaked or sold to third parties, which is always a risk. However, even paying the ransom can cause additional fees such as the cost to restore devices or servers.

The education sector must increase its cyber security. The time and money that’s spent on dealing with an attack need to be put into supporting students and teachers.

 

3. They have been unable to access vital resources for learning:

Schools have been hit the hardest as they risk losing data or paying out a huge amount of money. On top of this, it has also affected the way they teach.

Many schools that have been hit by a ransomware attack in the last few months were unable to access their emails. This is because the internet or servers have been down, as well as their devices being affected.

Both teachers and students have had access to their accounts removed within different schools. This will cause issues such as lack of communication between staff and students, emails potentially holding sensitive information, or important documents such as coursework, and safeguarding issues.

On top of this, some schools have been unable to get internet access. A few years ago, it was common for teachers to find resources or information from books or offline content. However, as technology has expanded it’s become easier for teachers to research or provide online learning within a classroom. For example, they might need the internet for finding educational videos on YouTube, or they may find online quizzes to test the class. As well as this, students use online resources to help support their additional learning and assignments.

Some schools that have been the victim of an attack have had to face losing devices such as laptops. This is because many of the devices were affected in the attack resulting in students having to hand them back.

Amazingly, the education sector can provide laptops to students who need additional support, especially as they can be so expensive. If they are having to hand their device back, this may prevent them from being able to revise or complete coursework which is commonly done online. This could affect the students as they might feel others have an advantage over them.

This is the same for any teachers whose school devices were affected as they may use them for teaching support. This takes away a lot of stress for teachers as they can explain topics in a clearer way using online sources, quizzes, and videos.

If pupils or teachers have no access to laptops or the internet this can cause further issues for online learning. It’s been reported a few times in the news that schools have had to close due to a cyber-attack causing numerous issues. This has caused them to return to remote learning. If teachers or students don’t have access to these devices, then they will struggle to participate in online lessons furthering the impact on their education.

 

4. Schools have had to close:

One of the most impactful events in the instance of a cyber-attack is that some schools have had to close. Though it’s necessary and the education sector has made the best decision in closing as remaining open can potentially cause a lot more issues, it isn’t ideal that any school should close.

Teachers and students have already had to spend months staying at home during the pandemic. Parents have also had the difficult task of teaching their children subjects such as science, maths, and PE.

So, for cybercriminals to cause teachers and students to return to remote learning is extremely unfair.

Not only does remote learning make it more difficult to teach and support students, but it’s also vital that students can have those important social interactions with their friends. Being unable to see your friends or other people outside your own home, can be mentally draining and can often make people feel alone.

Teachers are also unable to communicate and socialise with other members of staff face to face, and parents might have to return to remote working whilst their children stay at home. Parents being forced to work from home prevents them from interacting with their colleagues or just being able to get out of the house. For many students, it has already been difficult to complete assignments remotely.

Even if schools return to remote learning, there’s no guarantee that they are any safer from a cyber-attack. Most home workers won’t have access to a secure VPN or the latest software and anti-virus on their devices. This furthers the risk of another cyber-attack in the future.

 

Conclusion:

The fact the education sector has been hit the hardest by the increase in cyber-attacks is extremely worrying. The National Cyber Security Centre (NCSC) says ‘it’s concerned about the increasing number of cyber-attacks on Britain’s education sector.’ They also went on to say, ‘any targeting of the education sector by cybercriminals is completely unacceptable.’

It’s not known if these attacks against the education sector are slowing down any time soon which is why there needs to be as much cyber security in place to help protect them. The NCSC further added ‘This is a growing threat, and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.’

At CapNet, we can help mitigate the above impacts on schools. We want to do everything we can to help. We offer many products and services to help support the education sector.

Please get in touch with our friendly engineers today and we can discuss the different products and services.

Similar posts: