NCSC beefs up support for education sector after spate of attacks

A wave of cyber attacks against schools, colleges and universities across the UK in the past month has prompted the National Cyber Security Centre (NCSC) to offer refreshed guidance and additional support to the sector.

The NCSC said it had seen a significant increase in the number of attacks since February as establishments prepared to welcome back their students for face-to-face learning, and while it is unable to disclose details of any specific operations, it has been providing extensive incident response assistance.

In one of the higher profile incidents seen, the University of Central Lancashire in Preston, the University of the Highlands and Islands in Inverness, and Queen’s University in Belfast (home to the Centre for Secure Information Technologies (CSIT), one of the UK’s leading cyber research centres), were all attacked in the space of a week.

The NCSC said it was particularly concerned about ransomware attacks – public sector bodies such as education institutions are at particular risk of falling victim to ransomware because they frequently hold high-value personal data, and are thus considered more incentivised to pay off cyber criminals.

NCSC operations director Paul Chichester said: “Any targeting of the education sector by cyber criminals is completely unacceptable. This is a growing threat and we strongly encourage schools, colleges and universities to act on our guidance and help ensure their students can continue their education uninterrupted.

“We are committed to ensuring the UK education sector is resilient against cyber threats, and have published practical resources to help establishments improve their cyber security and response to cyber incidents,” said Chichester.

Steve Kennett, director of e-infrastructure at the higher education support body Jisc, added: “Jisc has been helping many colleges and universities recover from ransomware attacks recently, so we have seen what a devastating impact this crime has on the sector. I urge all education and research institutions to act swiftly to ensure their systems and data are robustly protected.”

Matt Bearpark, head of product for connectivity and online safety at RM, a supplier of IT hardware and other services that specialises in schools and universities, said he too had seen a marked increase in malware infections and ransomware attacks at his clients, some of them with serious impacts, including loss of key files and data or inability to conduct day-to-day teaching.

“We believe that, in many cases, these issues were avoidable, and we welcome the actions of the NCSC in alerting the sector to some of the precautions they can take – to both minimise the likelihood of such an attack, as well as to mitigate the impact that one may have on their ongoing operation,” said Bearpark.

“While a technology partner – such as RM – will always help to keep their customers’ technology systems and data safe, there are always new risks to stay aware of and potential vulnerabilities and fallibility in process and human behaviour.”

Among other things, the NCSC is recommending a number of steps to ensure a defence-on-depth strategy, from appropriate staff training, through to technical solutions such as the installation of up-to-date antivirus software, keeping secure and regularly tested offline backups of data, and conducting regular incident response simulations and disaster recovery tests.

The full alert and guidance on preparing for and mitigating the impact of ransomware attacks is available to read online at the NCSC’s website, and of course remains relevant to any organisation, not just educational bodies.