What makes the education sector a prime target for cyber attack?

The cyber threat to the Further and Higher Education sector sits within the wider threat to UK enterprise overall. As with any large organisation, universities and colleges handle large volumes of personal data, intellectual property and other data assets, all of which makes education a target for cyber attack.

Understanding what assets you hold and why they may be of value to cyber criminals and malicious actors is a key step towards protecting your organisation, your data and your people. Below we explore what’s special about education and who may be targeting your organisation.


Why are universities vulnerable to cyber attack?

Large volumes of data

Further and Higher Education institutions handle large volumes of sensitive data that may be held for many years. A wide variety of data on students, faculty members, alumni, parents and university staff make them highly attractive targets.

Research universities and medical schools may also handle data from other organisations, such as medical data for hospitals linked to the university, or data from corporations and public sector bodies connected to research projects and grants. This data may attract both those seeking financial gain and those looking to steal intellectual property.

Lack of centralised structure

In many cases, sensitive data is stored in different locations rather than one centralised place. Student data may be stored by individual colleges or campuses. With many education providers merging to form larger establishments, staff data may also historically reside in different locations.

Furthermore, duplicate sensitive data may be propagated across an organisation, with different departments holding the same information. Alumni offices, central administration, schools and colleges may all have their reasons for storing the same data on a student or even faculty staff.

Organisational vulnerabilities

Decentralisation is often reflected in other ways too, such as in cyber security policies, the processes used to handle data, cyber security tools and security awareness programmes.

Ensuring that everyone within such a diverse organisation adheres to the same policies and safeguarding procedures is no easy task.

Widespread use of personal devices

FE & HE institutions depend on large sectors of their user community having a personal device. Students are the obvious risk, with the majority accessing organisational systems from often less well protected mobiles, tablets and laptops.

However, admin and faculty staff also use their own devices, especially in recent times with the increase in remote learning / teaching. Security awareness can be a problem and there can also be resistance from the user community if the IT department want to put controls in place on personal devices.

Remote learning

Accessing organisational apps and data remotely exposes another vulnerability. This can be exacerbated by a lack of data security awareness, frustrations around using new technology to work or teach remotely, and a proprietary attitude to personal devices.

Who’s attacking your network?

So who’s responsible for this increase in attacks on the education sector? The key threats to education establishments are:

  1. Criminals looking for financial gain
  2. State-sponsored espionage

Both actors will use the same vulnerabilities to access your network. But while the criminal looking for financial gain will often make themselves known with a ransom demand once they’re ready to act, nation states seeking to steal personal data and intellectual property, and criminals stealing data to sell, prefer to remain undetected.

Ransomware attacks on the increase

Since late February 2021, the National Cyber Security Centre (NCSC) has seen an increased number of ransomware attacks affecting education establishments in the UK. The NCSC previously acknowledged an increase in ransomware attacks on the UK education sector during August and September 2020. It has now updated its Alert in line with the latest activity.

Ransomware attacks prevent organisations from accessing their systems or data until a ransom is paid. Threats to release stolen sensitive data on ‘name and shame’ websites if the ransom is not paid are also on the increase.

The NCSC said that, “In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing.”

Attackers gain access to the target’s network depending on the vulnerabilities they identify. Common attack vectors include:

  1. Phishing
  2. Remote access systems: remote desktop protocol (RDP) and virtual private networks (VPN)
  3. Unpatched and unsecure devices

Once inside your network, the attacker will generally increase their privileges in order to identify high-value assets. The NCSC reports that, in recent malicious activity, attackers have been seen to:

  • sabotage backup or auditing devices to make recovery more difficult,
  • encrypt entire virtual servers,
  • use scripting environments (e.g. PowerShell) to easily deploy tooling or ransomware.

How to protect your users from ransomware attacks

The best defence is your people. Regularly updated security awareness training, together with imitation phishing campaigns that raise awareness and identify susceptible users, makes a real difference. This can be challenging with a high turnover of students, which is why comprehensive security measures must also be deployed.

Relatively simple measures can be put in place to secure your network. A robust approach to patching will help secure devices. Multi Factor Authentication (MFA) provides an additional level of security for remote access systems. Vulnerability Management identifies vulnerabilities, balances risks with business operations, and gives you much-needed visibility to protect your establishment from evolving threats.

Email security platforms are vital to identify and disrupt phishing attacks. These solutions don’t have to be onerous on the IT department either. End-user quarantine management processes protect your network but allow users to self-service and release their own messages in a secure environment.

If you would like to discuss how to better protect your network and data, please get in touch with our cyber security team. We work with many schools, colleges and universities, and are happy to share experience and best practice.



Cloud Business Limited
5 Elmwood
Chineham Business Park
RG24 8WG

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438