Why is the education sector a soft target for cyber attacks?

In recent years, schools, colleges and universities have become increasingly reliant on technology to facilitate learning and communication. With the shift to online learning due to the COVID-19 pandemic, this trend has only accelerated. However, as education establishments embrace technology, they also become more vulnerable to cyber attacks.

In early January 2023 it was been reported that confidential data from 14 UK schools has been leaked online by hackers following attacks that took place in 2022. Leaked documents include children’s SEN information, pupil passport scans, staff pay scales and contract details and the information was leaked after the impacted schools refused to pay the attackers ransom demands.

And whilst writing this blog just a week later it was reported that a chain operating schools in Yorkshire has been hit by ransomware attacks.

Ransomware demands on schools is becoming an increasingly common occurrence.

THE EDUCATION SECTOR IS SEEN AS A SOFT TARGET FOR RANSOMWARE ATTACKS

In July 2022 Sophos reported that 56% of lower education institutions had been hit by ransomware in the previous year, along with 64% of higher education bodies.

And according to Check Point’s 2022 Mid-Year Report, the education sector experienced a 44% increase in cyber-attacks when compared to 2021, with an average of 2297 attacks against organisations every week. They also reported that education was the most impacted sector for the whole of 2022.

According to some, these reports are quite conservative. A firm of leading business advisors reported in October 2022 that in the 12 months to August 2022, there had been a 93% increase in cyber attacks targeting the UK education sector.

What they all agree on though, is that at a time when the threat of cyber crime is widely acknowledged as a challenge across all sectors, education is consistently recognised as one of the most likely to experience a malicious cyber attack.

BUT WHY ARE SCHOOLS AND EDUCATION FACILITIES SEEN AS LOW HANGING FRUIT?

One of the primary reasons schools are vulnerable to cyber attacks is the sensitive information they possess. Schools often store large amounts of personal information, including student and faculty records, as well as financial information. This information can be valuable to attackers who may use it as a ransomware bartering asset, or sell it on the black market or use it for identity theft or other types of fraud.

Furthermore, schools, especially higher academic institutions, have a large number of people accessing their systems and networks, many from home or outside the network, many using personal devices, making networks in the sector much bigger, more open and more difficult to protect. Teachers, students, and staff members may not have the knowledge or awareness to fully realise the risks, to detect and avoid phishing attempts or other types of social engineering.

In addition schools tend to have limited resources and expertise for IT and cyber security. Many do not have the budget to invest in robust cyber security measures, such as firewalls, intrusion detection systems, and malware protection software. They may also not have staff members with the necessary evolving expertise to properly secure their systems and networks from emerging threats. This makes it easier for cyber attackers to infiltrate in their networks.

STAY AHEAD OF CYBER THREATS IN EDUCATION

Acora specialises in assisting educational institutions, such as schools, colleges and universities, in raising cyber awareness, and creating and executing effective security plans to protect against malicious attacks.

We help organisations understand the threats facing them and by collaborating closely with educational leaders and governing bodies, we tailor our solutions to address the unique security challenges facing the education sector.

If you are concerned about cyber security threats to your education establishment, and the potential damage and disruption it may cause to your reputation, then please get in touch for a free cyber security consultation.