Government puts entire UK education sector on cybersecurity alert

© Provided by TechRadar
null

The government’s national security body has issued a nationwide warning to the UK’s school system concerning possible cyberattacks.

As students across the country return to school following the nationwide lockdown that curtailed the last school year, fears have arisen that institutions could face attack due to a lack of proper protection.

The warning from the National Cyber Security Centre (NCSC) says that schools and universities need to take steps immediately to make sure they stay protected. This includes moves such as upgrading cybersecurity protection, ensuring data is stored securely, and making sure systems are backed up away from the premises.

School attack

The NCSC says it has been investigating an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges and universities over the past few months.

“This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible,” Paul Chichester, director of operations at the NCSC, said.

“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.

“We are absolutely committed to ensuring UK academia is as safe as possible from cyber threats, and will not hesitate to act when that threat evolves.” 

Educational institutions across the world were hit by a wide-ranging cyberattack attack known as Blackbaud back in August, with schools and universities hit with ransomware assaults.

The NCSC advisory lists a number of ways it has seen criminals target schools in recent months, including phishing emails, unpatched or unsecure hardware and software, and remote desktop protocol attacks.

The rise in online schooling over lockdown may have contributed to a rise in the latter, with students and teachers alike using personal devices to log in to workplace networks or connect to lessons.

“The NCSC recommends that organisations implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks,” the NCSC says.

“Your organisation should also have an incident response plan, which includes a scenario for a ransomware attack, and this should be exercised.”

Video: 09152020 Tech Appleevent 1 (TechRadar)