Menu

Call us on 03450 21 21 51

The perfect storm created by Covid-19: why the education sector needs to shift its cyber security focus
The SRM Blog

The perfect storm created by Covid-19: why the education sector needs to shift its cyber security focus

Ian Armstrong

Written by Ian Armstrong

9th October 2020

Share this article

university cybersecurity

As if the education sector did not have enough to worry about, the Covid-19 pandemic has created a perfect storm for hackers. So, alongside the logistical challenges of the start of a new academic year like no other, there is another insidious, unseen threat to contend with: the threat of a cyberattack. Since August, there has been a marked increase in the number of ransomware attacks on the education sector and this has been the focus of an investigation by the National Cyber Security Council (NCSC). The NCSC has consequently issued an alert which should be taken very seriously indeed.

The education sector has been a key target for hackers for many years, not least because schools, universities and colleges have presented comparatively high value easy targets. Data and intellectual property are potentially lucrative commodities which, once accessed, can be sold or ransomed for financial reward.

Although higher education establishments will expend significant budgets on system security, gaining access to network systems is made easier by the sheer number of users. External attacks rely on obtaining user credentials to be successful, and in 81 per cent of data breaches it is compromised credentials which allowed hackers to gain entry. Given the likelihood that many campus users are not as vigilant as they would be in a commercial setting, with naïve internet browsing and widespread social media activity across a number of devices, the hacker can exploit this advantage. By hacking into just one account, an entry point can be created for accessing more privileged accounts of greater value.

Schools often face a different challenge, however, with many simply having less disposable budget to spend on security solutions, mistakenly believing that antivirus software will keep them protected. In the NCSC’s recent schools survey, it was found that 99 per cent have firewalls, 98 per cent have anti-virus software installed and 95 per cent say they continuously keep software up to date. Yet the harsh fact is that 69 per cent have suffered a phishing attack this year and 30 per cent had been infected by malware.

Perhaps of even greater concern is the fact that only 3 per cent of schools were even aware of a data breach once it had occurred.

This points to a common thread, and the most important vulnerability presented by the education sector as a whole: the fact that, with few exceptions, the security focus is on the perimeter. By concentrating on preventing hackers and malware from getting in, they are overlooking the danger presented by malicious intruders who have gained entry and are able to navigate freely and almost undetected within the system for some considerable time once inside. This is where the real reputational and financial damage lies.

Now the Covid-19 pandemic has brought about an extensive change to how schools, universities and colleges function, with vast amounts of time, energy and resource expended on disease prevention and containment. At the same time there is an even wider usage of own devices – including staff as well as students and pupils – which, if hacked, can create entry points for hackers.

Phishing emails since March have been heavily weighted towards formal-sounding emails and messages relating to the pandemic which can be opened in good faith. But the threat goes much deeper than a simple breach if a hacker is then allowed to linger quietly and undetected while navigating freely inside a system.

From the point of breach, the NCSC survey found that attackers are doing a number of highly damaging things, including sabotaging backup and auditing devices to make recovery more difficult. They also encrypt virtual servers and use scriptware environments to deploy tooling and ransomware with the potential to wreak havoc within a network, sometimes bringing entire systems to a standstill.

The key message is to accept that relentless and highly sophisticated brute force phishing campaigns will create opportunities for hackers and to shift the focus from the perimeter to shoring up internal security measures.

It is essential to construct internal firewalls and barriers within the network and to add additional layers of access control and protection to the most valuable accounts and data. In this way, the opportunities for hackers are minimised. Without the chance to move freely around a system once they have gained entry, the extent and scope of the potential damage is reduced significantly.

A cyber security strategy should also include a sound reporting, mitigation and recovery plan.

It is vital to have a widely-understood procedure to identify and report breaches swiftly. By reducing the amount of time they have to explore any network vulnerabilities, the hacker’s time bomb is diffused. So, even if an attacker is successful, the breach will be contained and mitigated in the shortest period of time possible, with minimal disruption.

That does not mean that robust perimeter security measures should not also be a priority. For example, securing the remote desktop protocol with multi factor authentication, patching and updating all software and hardware, using mechanisms to prevent phishing attacks, disabling or constraining scripting environments and, of course, educating users about the risks of opening emails.

But giving equal focus to a strong and integrated internal security strategy will transform an institution’s resilience in the face of an attack.

Professional guidance can be invaluable in the development and implementation of a cyber security strategy, ultimately enhancing the institution’s risk posture significantly. Experienced and highly qualified individuals with real world experience and understanding of the current threat environment are a cost-effective resource at all levels of the education sector. From the small primary school to the large university, the experts within a professional team will work diligently to enhance the whole security posture and reduce the impact of any breach. This not only provides the reassurance of the highest professional standards of cyber security but also releases already over-stretched IT teams to focus on the issues relating to the pandemic and its implications.

If you’re concerned that your school, college or university could be susceptible to a damaging attack from cyber criminals, why not get in touch with us today to find out how we can help. At SRM we’re always happy to scope out an organisation’s requirement and quote for free. So, you have nothing to lose. Contact us now.

 

Back to top