The National Cyber Security Centre (NCSC) says it is concerned about the increasing number of cyber-attacks on Britain’s education sector.
Cyber-incidents in British schools have increased since late February 2021, with several ransomware attacks affecting education establishments including schools, colleges and universities.
In a sign that hackers are stepping up attacks, The Harris Federation, which runs 50 primary and secondary academies in and around London, was hit with a cyber-attack yesterday that left 37,000 pupils unable to access email addresses.
The Harris Federation said in a statement that it was “at least” the fourth multi-academy trust to have been targeted in March and that the sophisticated attack will have a “significant impact” on its academies.
“It will take time to uncover the exact details of what has or has not happened, and to resolve,” The academy said in the statement.
This NCSC has released guidance aiming to help private and public sector organisations to deal with the effects of malware, and to provide “actions to help organisations prevent a malware infection,” as well as steps that can be taken if already infected.
According to the Scottish Qualifications Authority (SQA), colleges and Universities in Scotland were hit by more than 860,000 malicious emails between December 2020 and the end of February 2021. The SQA recorded the most attacks in January 2021, where they were targeted by 360,038 malicious emails.
In February 2021 they were targeted by 291,593 emails, and in December 2020, they were targeted by a comparatively low 210,986 emails.
On the 23rd of March, commenting on the increased attacks on schools, Paul Chichester, Director of Operations at the NCSC, said: “Any targeting of the education sector by cybercriminals is completely unacceptable.
“This is a growing threat, and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.
“We are committed to ensuring the UK education sector is resilient against cyber threats and have published practical resources to help establishments improve their cybersecurity and response to cyber incidents.”
- Scot-Secure 2021 | Understanding cybersecurity threat actors
- NCSC CEO warns against becoming complacent in cybersecurity
- Questions raised over secure message evidence in 2020 EncroChat arrests
The UK Government recently carried out its Cyber Security Breaches Survey 2021, which revealed the extent to which cybersecurity threats are hitting UK institutions.
Data from the survey showed that almost 40% of businesses in the UK had a cybersecurity breach or attack in the last 12 months, with the average costs to businesses where a breach has resulted in a loss of data or assets being £8,460. This figure rises to £13,400 for medium and large businesses.
The impact that cyberattacks like these can have on educational institutions is profound. Recent incidents of ransomware attacks have led to the loss of coursework, school financial records, and important data relating to Covid-19 testing.
A new report from the Learning & Work Institute indicated that investment in digital training and re-training in the UK has been decreasing, which will ultimately have an impact on how things like ransomware are dealt with.
However, evidence in the report also shows positive signs of combating these threats in the future, showing that young people and employers agree that digital skills are vital in every sector of the economy, with demand for advanced digital skills is only set to increase in the future.