Education under cyber attack SAFETY & SECURITY

Martin Lethbridge, WatchGuard Technologies I

n September last year, the UK government’s NCSC (National

Cyber Security Centre), part of GCHQ, issued an alert to the academic sector following a series of online attacks against schools, colleges and universities. The attacks coincided with the return of pupils and students and prompted the NCSC to urge immediate steps to mitigate the risks, and deal with possible breaches.

Many of the incidents reported

were ransomware attacks. These typically involve the encryption of data by cyber criminals, who then demand money in exchange for its recovery.

In a series of high-profile attacks, at least seven higher education

institutions in the UK were hit in a global ransomware attack that targeted their US-based cloud computing provider. While no bank account, credit card or social security details of any individual were accessed, the hackers were allegedly able to steal names, gender, contact information, emails and addresses.

Changing landscapes The COVID-19 pandemic has driven the move to remote learning and extended the traditional network perimeter to connect thousands of remote devices not under the control of the IT department. This has radically changed the threat landscape for education and presents new challenges for IT managers facing a radically different future of learning.

Education is a more challenging environment to protect than most

businesses, largely because of the diverse user base and wide range of personal and unmanaged devices connecting to the network. These devices may also be shared with other family members, so if they are compromised, or already infected with malware and then reconnected into the school environment, that could lead to a cyber incident or potential breach.

Humans – both young and old - are often the weakest

link and pose one of the biggest threats to security, whether through error, or for something more sinister. That’s why security awareness and education must be at the heart of any cyber security prevention policy - educating the educators, as well as their pupils and students.

Lesson one is learning about the risks of clicking on

suspicious links. Many of us still cannot spot the nuance of clever phishing scams, so one of the best times to learn about phishing is when an error has just been made.

Defence in depth When it comes to technology defences, a layered approach to cybersecurity is vital. While every network needs a strong network firewall, they also need a full arsenal of scanning engines to provide visibility, threat intelligence and protection against spyware and viruses, malicious apps, data leakage and unknown zero-day threats.

January 2021 41 Then there is the problem of stolen or weak passwords. As we all struggle

with remembering a multitude of long, complex and secure passwords, the use of multi-factor authentication (MFA) is compelling. MFA is simply a security system that requires more than one method of authentication to verify the user's identity for a login or other transaction such as a one-time- password sent to a mobile phone.

Utilising tools to prevent attempts to connect to malicious web sites

through phishing attacks as well as preventing access to inappropriate content is also a key consideration.

Worries about Wi-Fi As well as being a vital tool for study, we often don’t think twice about connecting to an unsecured Wi-Fi network to check emails and social media or do some online shopping. But it is all too easy for hackers to compromise Wi-Fi and even set up their own rogue hotspots that look genuine. That’s why schools, colleges and universities need to provide a Trusted Wireless Environment (TWE), that is fast, easy to manage and, most importantly, secure.

The bottom line is there is no silver bullet when it comes to defeating

cybercrime – in our education institutions or anywhere else. The best way to combat the growing threat landscape is through education and by implementing a layered approach to security.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54