Schools and universities brace for cyberattacks

NCSC issues a cybersecurity alert following a rising attacks on UK academia

Posted 17 September 2020 by Christine Horton

The National Cyber Security Centre (NCSC) has issued an alert to the academic sector following a spate of cyberattacks against UK schools, colleges and universities.

The warning follows a recent spike in ransomware attacks against education establishments in August, which NCSC said caused “varying levels of disruption”.

“This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible,” said Paul Chichester, director of operations at the NCSC.

“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.

“We are absolutely committed to ensuring UK academia is as safe as possible from cyberthreats and will not hesitate to act when that threat evolves.”

The NCSC has announced several immediate steps education establishments can take such as ensuring data is backed up and stored on copies offline. It also urged them to read the NCSC’s newly updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.

Rise in ransomware

David Corke, director of education and skills policy at the Association of Colleges, said it more important than ever that colleges to have the right digital infrastructure to protect their systems.

“This needs a whole college approach and for a focus wider than just systems, it needs to include supporting leaders, teachers and students to recognise threats, mitigate against them, and act decisively when something goes wrong,” he said.

Local government is also being targeted by ransomware. Last month, research from Barracuda Networks found that 44 percent of all observed ransomware attacks in 2020 have been aimed at municipalities.

The surge in cyberattacks targeting local authorities, was confirmed by NCSC, which said the threat has been exacerbated by the increase in remote working during the COVID-19 pandemic.