• The education sector and ransomware: Preventing the Next Attack

    960 640 Stuart O'Brien

    By Ken Galvin, Senior Manager for KACE at Quest

    Over the past year, organisations from corporate and healthcare to education systems and retail, have had to learn how to manage networks and devices against unexpected factors. This has exposed many sectors to new security vulnerabilities. Most recently, the education sector seems to be a preferred target by most cybercriminals as a new wave of cyber breaches has taken teachers and students by surprise.

    Ransomware attacks can have devastating implications, and this was the case when Harris Federation – a UK education charity organisation, was struck by a ransomware attack affecting 40,000 pupils.

    We’re seeing these attacks everywhere, and expect that they will be a common occurrence moving forward. The NCSC has previously highlighted an increase in ransomware attacks in the UK education sector last year and again in February 2021. What’s worrying, a new alert was issued recently as authorities are investigating another surge in cybercriminal activity against education establishments during late May – June 2021. While many schools, colleges and universities were on their path towards digital transformation, the education sector has largely lagged in the digital evolution, and educational establishments serving younger students certainly hadn’t prioritised remote learning. Due to this, the remote shift was not an easy one. Unlike corporations or large organisations, a lot of schools did not have the right IT support in place to support the remote shift.

    School IT administrators went from managing devices in one network to having to manage what was essentially a Bring Your Own Device (BYOD) model for students and teachers across various locations, resolving user issues on top of high level duties such as ensuring security. This has proven to be a big challenge for IT teams and for school boards who had to take a second look at their IT investment.

    Ransomware attacks often result in widespread disruptions affecting all the people within an organisation, and victims usually require a significant amount of recovery time to restore critical services. These events are also highly covered by the media which can be potentially damaging for one’s reputation. Given that a ransomware attack can lead to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing, this can have a major impact on the students’ wellbeing as cyber-attacks can delay learning for weeks, throw off scheduled breaks, or big school events like graduation. More than ever, it’s imperative for education systems to prioritise implementing best practices and prevention measures for remote operations.

    Below are three top tips on how IT teams can go about reassessing security practices in the education sector.

    Evaluate the security processes in place

    The increase in ransomware attacks has unsurprisingly caused education systems to rethink what defenses they are putting in place to proactively prevent falling victims in the hands of threat actors.

    Those considering discussions about how they’d go about paying a ransom are already setting themselves up for failure. A successful security process includes proactivity at the top. Consider what your organisation can do now to prevent and prepare for a potential ransomware attack. Focus on preventive measures and policies such as having guidelines on who has administrative access to sensitive information and detecting vulnerabilities before you think about how you’d react.

    Revise and update processes for today’s remote world, and beyond

    In today’s world of remote work, IT teams must expect the unexpected. While remote work isn’t new, the large scale it’s grown to is new, particularly for schools. IT teams working within education systems have typically been accustomed to preparing for attacks within their school networks, but that’s no longer enough in the current distributed education system.

    The right resources might not always be available and that has underlined the need for automation. Having dedicated IT support at all times can be costly but by automating certain processes and procedures, organisations can be more resilient against cyber-attacks, while experiencing speedier response times and saving costs.

    Consider automating tasks through a service desk. Doing so can enable teachers to easily access the files they need through self-service. It also frees up time for slim IT teams, so they can focus on higher priority tasks. No matter what comes in the next school year, through the automation of repetitive tasks, IT will be able to support and manage the day-to-day needs as well as focus on bigger priorities.

    Prioritise comprehensive patch management and vulnerability scanning

    Cybercriminals looking to cash out with a data ransom have largely been targeting organisations that haven’t updated their endpoints with the latest patches. Having comprehensive patch management and vulnerability scanning processes in place not only provides peace of mind but identifies and remedies vulnerabilities early to avoid potential threat vectors that lead to schools getting attacked.

    Consider developing a proactive approach with automated patching to ensure devices remain safe. IT should also look to actively educate themselves on the software being used, staying on top of things such as solution updates. Education systems not ensuring regular patches and software updates will likely experience multiple issues in the future. Unpatched or unsecure devices have been a common tool used by hackers as an easy route into networks.

    As the use of technology for education continues to evolve, schools, colleges and universities will need to continue developing their cybersecurity strategy against the growing threats of ransomware and other cyber-attacks. Whether schools are remote, in-person, or hybrid, they need to ensure that their security strategy is tight to protect confidential student and organisational data.

    Just as we didn’t expect COVID-19 and the following remote shift, we don’t know what the future will bring. But what we do know is how to properly, proactively protect the systems we’re responsible for and the personal data we maintain. It’s time to evolve IT for education systems.



    Stuart O'Brien

    All stories by: Stuart O'Brien

    Leave a Reply

    Your email address will not be published.