Education sector suffers series of cyber attacks in 2021

David Cummins, VP of EMEA, Tenable, examines how universities are being targeted by a series of cyber attacks in 2021 and what they can do to protect themselves

The pandemic dramatically affected the education sector. To allow core curriculum and examinations to continue for students, systems, such as cloud-based software, video conferencing tools, and gamified e-learning activities, became invaluable. However, this shift to complete reliance on technology meant that the cyber attack surface expanded, with an increasing number of e-institutions made vulnerable from using new systems throughout the school day.

The National Cyber Security Centre (NCSC) highlighted the threat of ransomware attacks on the UK education sector during August/September 2020. With the majority of educational settings now returning to in-person learning, the sector is still firmly in the sights of threat actors. In late May and early June, the NCSC again warned that it was investigating another increase in ransomware attacks against schools, colleges and universities in the UK.

This is echoed by Microsoft who, from global threat activity, places the education sector firmly in first place, claiming it is the most affected industry of reported enterprise malware encounters in the last 30 days.

For academic institutions, virtual technology is very much a factor within the school day but its imperative the sector takes action to address the risks.

Luckily, there are a few simple and affordable steps that educational settings can take to bolster security efforts and help ensure networks are adequately protected:

Identify common points of failure

The vast majority of data breaches today are not sophisticated to the trained eye. In fact, the majority are avoidable incidents that are either the result of known, but unpatched, vulnerabilities, or someone visiting a malicious website encrypted with malware.

Identifying and patching common vulnerabilities favoured by criminals, and blocking known malicious sites and IP addresses from the network, will help protect data and systems. 

Enforce multi-factor authentication for staff and students

Ensuring remote learning tools are only accessible by the required and appropriate people can be achieved through using multi-factor authentication solutions. Users are required to provide an additional form of identification rather than relying on a username and password combination to access systems. Additional layers of identification can be implemented such as a one-time passcode (OTP) sent via SMS, or a fingerprint or iris scan.

Optimising limited resources and support

A joint advisory issued by the NCSC, the Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cybersecurity Centre (ACSC) confirmed, rather than creative threat vectors, bad actors will typically target known vulnerabilities to compromise unpatched systems and breach an organisation’s defences. To prevent this, IT teams should prioritise known flaws by taking a risk-based vulnerability management approach. This approach focuses on the specific threats that pose a real risk, not just a theoretical risk, to an organisation, whilst vastly reducing time wasted on manually prioritising threats. Studies have found that this approach can improve security by 7.5 times, and at no additional cost.

Have a holistic approach

Since the beginning of the pandemic, school networks have been accessed by a number of unknown devices security teams have never had to deal with before. For most schools, understanding and mapping such a vast selection of assets can be fearfully complex. Discovering and managing unknown assets can be near to impossible without the proper use of tools. Another useful resource, currently being piloted by The Department for Education, is the ‘Cyber Secure’ tool. A free and anonymous self-assessment tool, schools can assess their cyber security measures through a grading system of 0 to 5 to help understand the risks they face.

Following these initial steps to understanding the new attack landscape should be a priority for any educational institution moving forwards. Efforts to improve cyber hygiene on an organisational scale will help create a richer, and secure, education for the next generation of classes.

As schools return to indoor teaching, and some continue to use the virtual systems implemented in the height of the pandemic, these simple security measures will help ensure institutions keep the trust of students, parents and teachers.