UK schools facing 1,800 cyberattacks a week

October 13, 2022

A security expert has claimed the UK education sector faces 1,800 cyberattacks per week.

Deryck Mitchelson, Field CISO at Check Point and former NHS Scotland CISO, has urged schools and colleges to increase efforts to combat the threat.

The figure is based on Check Point’s own internally-generated threat intelligence report.

Ransomware group, Vice Society, has attacked multiple education centres in the United States and UK, including Test Valley, Buntington First School and Harpenden Academy.

The ransomware attacks resulted in confidential data being posted on the “dark web”, putting over 4,500 students at risk.

Check Point has already reported a 44% increase in cyberattacks against this sector worldwide, compared to 2021.

This year, there have been high profile attacks on the Los Angeles Unified School District as well as the Chicago public school system, that exposed four years’ worth of records of nearly 500,000 students and just under 60,000 employees.

Even before the recent spate of Vice Society attacks, British school De Montford also fell victim to a ransomware attack earlier this year.

According to Check Point, “part of the appeal is the sheer number of personal details”.

A statement added: “In most companies you tend to only have employees whereas academic institutions don’t just have employees like teachers and lecturers, they also have students.

“With so many more people, this makes networks in the sector much bigger, more open and more difficult to protect. Plus, that also means there is so much personally identifiable information (PII) that can be used for financial gain.”

Mitchelson commented: “Academic institutions are currently sitting ducks. Our research team’s monthly threat index has found education to be the most impacted sector for the whole of 2022.

“It’s clear that cybercriminals are finding these attacks fruitful, and schools and colleges should be preparing for the rate of these attacks to increase even further.

“Students are not employees, they use their own devices, work from shared flats, and connect to free wi-fi without necessarily thinking about the security risks.

“This combination of a lack of understanding and ignorance has contributed to the perfect storm, giving hackers free run. While Vice Society is clearly on a mission to target more and more schools, it’s critical that action is taken now to prevent it from happening.

“A ransomware attack should not just be seen as an inconvenience, it could potentially result in a school being closed down, as was the case with Lincoln College that we saw earlier this year.

“There are technologies than can allow universities, colleges, and schools to be more secure without disrupting student education.

“By choosing to adopt a prevent-first approach and by integrating best practices such as network segmentation, multi-factor authentication and endpoint security, academic institutions can begin to fight back against malicious cybercriminals.”

Read Next

Security Journal UK

Subscribe Now

£99.99 for each year
No payment items has been selected yet