search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
VIEWS & OPINION The hacker stole my homework! Comment by KEIRON HOLYOME, VP UKI & Nordics, BlackBerry


“The hacker stole my homework!” While previous generations of teachers would have stared incredulously at students who offered up such an excuse, today, the statement is anything but farfetched. The 2022-23 school year was a cyber struggle for UK schools. The Vice Society, believed to be behind numerous ransomware attacks on educational institutions across the UK and US, leaked children’s SEN (special education needs) information, pupil passport scans, staff pay scales and contracts from 14 UK schools onto the dark web after refusal to meet the hacker’s ransom demands. Separate attacks during the summer term – exam season for many – saw schools in Wiltshire and Dorset unable to operate screens and systems, while


hackers demanded ransom payments for restoring access. As well as impacting teaching, everything from canteen payments to administrative operations were inaccessible. And, as the University of the West of Scotland head into summer break, a ransomware attack that shut off IT systems and affected student applications has reportedly demanded £450,000 for the return of confidential data.


These are just a few examples, though the National Cybersecurity Centre (NCSC) estimates that three-quarters of UK schools and colleges actually experienced a cyber breach. Its recent report articulated that UK education institutions are more likely to have identified cyber security breaches or attacks in the last 12 months than the average UK business. Further and higher education sites are more likely to be targeted than schools and be more severely affected.


What data do our schools hold that’s of value? The data that today’s schools are collecting and storing is valuable and vast. Whether it be details on individual students, test scores, financial transactions or entrance criteria – through to vulnerable children registers, truancy and child health records – each could be extremely damaging if published and it doesn’t take a PhD to figure out the possible downstream effects. Malicious actors might not only gain from a ransomware payment to restore access to IT operations. They can also sell identity and financial information to the highest bidders on the dark web, extort further money through blackmail of individuals and their families, or threaten to expose suppliers’ data.


Why are our educational institutions coming under attack? Unfortunately, schools are a soft target. IT support is often limited, budgets tight, and many use standard software provided to the education sector. If a vulnerability is found in that software, it won’t take long for the criminals to hear about and exploit it. Similarly, the threat environment for most schools has rapidly expanded over recent years to embrace remote learning, parent- teacher apps, mobile devices and a host of other connected learning technologies. With budget constraints meaning students


22 www.education-today.co.uk


are encouraged to use their own devices, more connections with often-unsecured devices dramatically expands the surface area for attack.


But the main reason that schools are a soft target boils down to culture. Other industries, such as finance, healthcare or retail, that also deal with people and their personal information, are heavily regulated on privacy and data protection. They invest in their technology backbone as a competitive advantage and know their reputation is directly linked to their ability to keep private information safe.


Schools don’t necessarily want to embrace such stringent measures. They don’t want web filters to block research or surveillance to curtail creativity. They want the freedom to move files around departments and establishments


to provide the kind of joined up environment for continued education that also supports and is supported by external services. And, while employees are typically the weakest link in any enterprise’s cybersecurity chain, the enterprise sector invests a lot in training. The same is particularly difficult to enforce among students who are likely more susceptible to an attractive phishing lure or unauthorised app download. The advent of generative AI increasingly strips away the common indicators of spelling errors and poor English, replacing known scam indicators with convincing deepfake videos, flawless emails and tempting, personalised offers.


With the value of the data high and the walls paper thin, hackers have all the incentive they need to mount an attack. And, in many past cases, schools have paid the ransom.


How can schools protect themselves from attack? While it’s tempting to look the other way and simply hope you’re not targeted, ‘hope’ is not a strategy you can count on. The good news is that schools don’t have to do it all themselves. Automated cybersecurity solutions that leverage the predictive advantage of AI can support institutions of all sizes in overcoming the challenge of insufficient resources, without blowing the budget or compromising the fluidity of internal information flows. To help keep costs down, for example, Managed Security Service Providers (MSSP) offer various level (and price) options for support to deploy endpoint protection solutions. Or a subscription to a 24/7 externally monitored XDR (Extended Detection and Response) service can augment the capacity and skills of stretched internal IT resources. By securing endpoint and network security systems through a managed XDR service, schools, colleges, and universities can have access to enterprise-grade solutions and round-the-clock cyber experts at a fraction of the cost. Like putting in the revision for a final exam, if educators put the groundwork in now and take the necessary steps to properly secure their data, the future will remain bright and full of possibilities for the nation’s academic community and with any luck, “the dog ate my homework” excuse will resume its rightful place in schools across the country.


October 2023


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44