Increasing ransomware attacks against schools, colleges and universities underline the cyber-risks faced by the UK’s education sector and highlight the need for defence-in-depth security.

The National Cyber Security Centre (NCSC) has warned of a recent increase in ransomware attacks targeting schools, colleges and universities in the UK as the cyberthreats posed to the education sector continue to be laid bare. The alert follows previous NCSC notices of surges in ransomware attacks on UK education during August/September 2020 and February 2021.

In a posting on its website, the NCSC stated that it is investigating another increase in ransomware attacks against schools, colleges and universities in May and early June. Attack vectors highlighted include the targeting of networks through phishing emails, VPNs and Remote Desktop Protocol (RDP) endpoints, weak passwords or lack of multifactor authentication (MFA), and exploitation of unpatched bugs or systems like Microsoft Exchange Server. What’s more, attackers are increasingly using tools such as Mimikatz, PsExec, and Cobalt Strike to enable lateral movement and privilege escalation once they’ve infected a network, the NCSC added.

Cyberthreats faced by the UK education sector

The threats posed by ransomware and other cyberattacks to organisations of all types are stark, but they take on specific significance for those in the UK education industry. “Schools, colleges, and universities tend to have comparatively low cybersecurity budgets, a broad range of open technology needs, quite a bit of remote access and users that range from wannabe hackers to people who tape their passwords to the back of their smartphones,” cybersecurity advisor, thought leader, and author Raef Meeuwisse tells CSO.
“These factors also make it harder for the security functions inside such institutes to implement effective countermeasures against ransomware and other forms of cyberattack.”

In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing, the NCSC wrote in its blog. Dr. Jason R.C. Nurse, assistant professor in cybersecurity at the University of Kent, adds: “As educators possess sensitive data on students, teachers, and exams, and often run some time-critical services (May and June are exam periods in many universities), they may be seen as particularly attractive targets. The reality is that ransomware attacks on the education sector have been conducted for some time, but there’s clearly been a recent surge.”

Kevin Curran, professor of cybersecurity, Ulster University and senior member, Institute of Electrical and Electronics Engineers, adds that phishing remains the key method by which ransomware attacks on the education sector are carried out. “Many phishing techniques are designed to be effective, as many individuals’ environments have changed and they are more susceptible to attacks. These attacks use tailored techniques, dynamic websites and regularly updated methods to remain undetected to those mostly untrained and working from home. The result is a series of attacks that have an alarmingly high success rate, yet a relatively low detection rate.”

Defence-in-depth ransomware protection

The latest ransomware activity emphasises the need for organisations in the education sector to protect their networks to better prevent and defend against attacks, the NCSC said.
In updated guidance, it urged those responsible for IT and data protection within education establishments to adopt a “defence in depth” approach, focusing on factors including effective vulnerability management and patching procedures, secure RDP services using MFA, effective antivirus, up-to-date and tested offline backups, and practiced attack response exercises.

“It’s great to see the guidance from the NCSC as it covers all of the key actions that organisations must take to better prevent against, and respond to, such incidents,” adds Nurse. “It really comes down to having strong preventative measures to protect against attacks but also appropriate measures to be able to recover as quickly as possible. The NIST Cybersecurity Framework lifecycle is a good starting point to address threats, encompassing identify, protect, detect, respond, and recover.”

Meeuwisse concludes that user education about security can also be a very effective and low-cost defensive tool—if the messages are clear and concise.
“The more you can get people to ensure they operate securely (for example, by keeping copies of the data they consider critical for their own roles)—the less risk the overall environment will have.”