Euan Birch, Security Operations Lead at Proact UK

The education sector has faced new alerts, after suffering from a rise in ransomware attacks since August 2020. But, why are universities suffering these attacks?

Schools, colleges and universities are finding new ways to operate in the current pandemic. Often they are leading from the front implementing innovative work-from-home solutions for their employees, new ways of examining for their lecturers and teachers and “blended learning” for their students. These changes were inevitable in the global age, but have been fast tracked due to coronavirus.

Unfortunately, one area has lagged and that is cybersecurity.

Ransomware attacks on the education sector

In the rush to enable the education sector, key risk-factors have been put on hold. Risks such as work-from-home networks being insecure by design, and not up to operating at the same standard as the business. In universities, one campus has now become 17,000 campuses.

Traditional methods of compromise, such as Business Email Compromise (BEC) which affected Newcastle University in August, have plagued the education sector over the last five years. The attack on Northumbria University caused server disruption resulting in cancelled exams, students left confused and the university out of pocket in staff time, remediation costs and operational costs. The Universities of London, Leeds, Oxford, Exeter, York, Birmingham, Strathclyde, Reading and many more across the world were all involved in the Blackbaud breach.

Protecting against the growing threat is proving difficult. In April, a test of cyber defences at universities was carried out by a group employed by the university internet services provider Jisc. In every case, hackers gained high value data within two hours. The attacks were carried out across 50 universities in the UK. Some organisations were attacked multiple times, each time resulting in potential catastrophic loss.

How can you maintain “business as usual” if your organisation is hit by a ransomware attack? Find out how in this article written by our security specialists.

The risk is so real and the threat so big that even the UK government’s National Cyber Security Centre (NCSC) issued guidance at the beginning of September. The NCSC is responsible for protecting the critical infrastructure of the United Kingdom. They warned the industry to act now to protect students, teachers, lecturers and other employees across the education sector. If they didn’t, then they were going to risk severe chaos and disruption to the start of term and beyond! Their focus was ransomware.

So, what can you do about it?

In August 2020, the NCSC began investigating an increase in ransomware attacks on schools, colleges and universities. As a result, they provided guidance on ransomware to the education sector. They focused on three main areas where ransomware can sneak into systems:

  • Unsecured infrastructure – taking control of poorly configured systems
  • Vulnerabilities – exploiting problems that you might not know are there
  • People – using good nature, curiosity and ambition for financial gain

There are common ways around this. These include paying up to the attackers and giving them huge sums of money to get the data back… or else, losing the data! Both of these are unacceptable losses and costly, both financially and reputationally. Therefore, investments in people, processes and tools provides a much more valuable return on investment than paying out a ransomware attacker. Not to mention payment to such groups can hold senior leaders liable to civil penalties.

Follow advice from the NCSC

The NCSC suggests that a few simple things can help secure the education sector in the short term such as:

  • Disrupting the attackers with:
    • Vulnerability management and patching
    • Securing remote desktop protocol
    • Securing virtual private networks
    • Installing and enabling antivirus
    • Implementing phishing prevention
  • Enabling effective recovery via:
    • Offline back-ups
    • Cyber response exercises
  • Monitoring and analysing behaviour via:
    • Powerful tools
    • Skilled people

Services to help protect you from ransomware attacks

These easy steps are best managed by services like:

  • Security Incident and Event Management as a Service (SIEMaaS) and User and Entity Behaviour Analytics (UEBA) provide visibility so you know what is going on in your infrastructure day and night
  • Anti-Phishing as a Service (APaaS) helps you secure email across your organisation with something more powerful than an email gateway – Artificial Intelligence
  • Vulnerability Assessment and Intelligence as a Service (VAaaS) provides you with fast detailed reports, detailing the biggest risks you face and giving you time to fix them
  • Infrastructure as a Service (IaaS) helps you manage important infrastructure and rely on experts to keep you up to date and secure
  • Back-up as a Service (BaaS) and Disaster Recovery as a Service (DRaaS) give you the confidence that data is secure even if you do get infected

In the event of an attack, how do you keep your organisation running as usual? Why not read our article to explore some options, or give us a call to have a chat to our security specialists.