As the rate of cyberattacks on educational institutions surges worldwide, experts warn that UK schools and universities must do more to secure their sensitive data.
According to a recent National Cyber Security Centre (NCSC) and National Grid for Learning (LGfL) report, the education sector is topping hackers’ shopping lists, with over three-quarters of UK schools falling victim to at least one type of cyber incident over the past twelve months.
Cyberattacks on educational institutions have been on the rise for some time. In early January 2023, it was reported that confidential data from 14 UK schools was leaked online by the threat actor Vice Society after they refused to pay the group's ransom demands.
Just last week, the UK’s largest state boarding school Wymondham College announced it had been hit by a cyberattack and while it is yet to confirm if any sensitive data has been accessed, it did confess to anticipate ongoing disruption over the coming weeks.
Simon Bain, founder and CEO at OmniIndex, has called on educational institutions to take steps to improve their defences against cybercriminals looking for an easy target:
“One of the biggest challenges in educational data use today is preventing data misuse. Educational institutions are frequently targeted by cybercriminals as they regularly collect and store huge amounts of highly sensitive, confidential, and regulated information. With this comes huge risks and privacy concerns.
“While the collection of data is a crucial part of the education system and can be utilised to support improved educational outcomes by identifying areas where students and schools may need additional support and facilities when misused or mismanaged, educational institutions can face large fines and reputational damage that can have long-term effects on their success.”
Phishing for student data
Among those that have experienced breaches or attacks in the last 12 months, the NCSC found that higher education institutions appear to be more severely affected by them than schools.
62 per cent of higher education institutions reported experiencing breaches or attacks at least weekly, compared to just 20 per cent of further education colleges and 23 per cent of secondary schools.
Phishing attacks topped the charts as the most common form of attack in all educational institutions, however, with 9 out of 10 of all institutions reporting that they had experienced an attack in the past year.
Just got a text from the “university” saying there’s been phishing attacks on our emails… then it says to check your email for more info. That’s not sketchy at all.
— Rustopher the Concentrated (@Rustopherson) August 1, 2022
Bain said that educational institutions must do more to protect themselves against this new wave of phishing attacks by implementing measures to secure their data.
“Considering the sheer volume of phishing and ransomware attacks facing educational institutions, any measures that can be taken to secure data further and protect their organisations will go a long way in deterring attackers. The potential consequences of such an attack mean that proactivity is invaluable,” adds the OmniIndex CEO.
OmniIndex recently partnered with Future-X Education, a provider of traditional Education Management Information System (EMIS) systems to thousands of public schools across Africa.
Future-X’s EMIS systems are designed for the collection, integration, processing, maintenance and dissemination of data and information to support decision-making, policy analysis and formulation, planning, monitoring, and management at all levels of an education system.
The addition of OmniIndex’s security and privacy to its EMIS will help thousands more schools, students and teachers securely access and use the data they need.
As regulation gets stricter — and data and tech become more and more crucial — a network of privacy, security, and risk professionals is growing and flourishing And it has become clearer than ever that the skills required in each of these areas are not only connected, but inseparable.
Taking place on 17th & 18th May 2023, PrivSec Global unites experts from both privacy and security, providing a forum where professionals from across these fields can listen, learn, and debate.
The two-day event features over 80+ speakers across 24+ sessions, PrivSec Global will cover the most pressing and challenging topics from across the data protection, privacy and security sectors.