School leaders warned of cyberattacks as new academic year starts

As education institutions across the UK open their doors for a new academic year, school leaders are being cautioned about the looming threat of cyberattacks.

The National Cyber Security Centre (NCSC) has advised that ‘appropriate security measures’ be implemented to fend off potential threats and avoid any disruptions.

While there are not any specific indication of heightened threats, the onset of a new term means that the repercussions of any cyberattack could be more severe than during other times of the year.

“Cybercriminals will spare no one and nothing, not even schools, if it means finding a weak link and getting hold of important data.

“Often cyber criminals will look to gain entry through different user access points – and with an influx of new students, new logins, and portable devices at the start of the academic year, this risks creating a hotbed for hacking if schools don’t protect their networks properly,” said Steve Bradford, Senior Vice President for EMEA at SailPoint.

Recent school cyberattacks

Highgate Wood Secondary School in North London had to delay the start of its term by six days due to a cyberattack.

The school’s headteacher, Patrick Cozier, confirmed in a letter to parents that an online attack had rendered the school’s IT systems inaccessible. However, he assured parents that they are ‘extremely confident’ their data was not breached. The school has since been working to restore its systems and plans to commence the new term on 11 September.

Debenham High School in Suffolk also experienced a cyberattack that took its entire computer system offline. Headteacher Simon Martin emphasised there was ‘no evidence that any data had been compromised’. He did not indicate any delay in the start of the new term.

Schools are a vulnerable target

While schools are not typically targeted in concentrated attack campaigns like businesses, they can still be perceived as vulnerable targets by opportunists, as their cybersecurity defenses are often less robust compared to other institutions.

A recent survey by Proofpoint revealed a concerning trend. The study found that a staggering 96% of the top 50 state secondary schools in the UK are ‘lagging behind’ in online safety measures. Proofpoint urged school heads to bolster their defenses against potential cyberthreats.

“The reason educational institutions remain a highly attractive target for cybercriminals is they hold large amounts of sensitive, personal, and financial data,” said Matt Cooke, Cybersecurity Strategist at Proofpoint.

Cooke suggested that email authentication protocols like DMARC remain the best way to shore up email fraud defenses. Schools should have the strictest level of DMARC protection in place to protect those within their networks.

In its research last year, Comparitech recorded 119 confirmed ransomware attacks on educational institutions worldwide. Alarmingly, this year has already seen 90 such incidents.

Furthermore, an audit conducted by NCSC and the National Grid for Learning (LGfL) highlighted that only 53% of schools felt adequately prepared for a cyberattack.

With the increasing reliance on technology in education, it’s imperative for schools to prioritise cybersecurity, ensuring a safe learning environment for students and staff alike.

Staff and students should remain vigilant to suspicious phishing emails and requests. Schools should also ensure they are managing access carefully, only allowing as much as individuals need and removing access rights for anyone who has left.

AI-driven technology like identity security can help IT detect unusual and suspicious behaviour, helping to reduce the chances of a breach occurring.

Hungry for more tech news?

Sign up for your weekly tech briefings!