NCSC issued an alert to UK universities and colleges about spike in cyber attacks - Comment from Webroot
September 2020 by Matt Aldridge, Principal Solutions Architect at Webroot
The National Cyber Security Centre (NCSC) has today issued an alert after a recent spike in attacks on educational institutions. The return to school, college and university has led to educational institutions facing an increased risk from cyber-attacks, which the security agency says could "de-rail their preparations for the new term”. Please find more information here: https://www.bbc.co.uk/news/education-54182398
Matt Aldridge, Principal Solutions Architect, Webroot comment:
“It’s unsurprising that education institutions continue to be targets for cybercriminals, especially considering they can be large sprawling organisations that are hard to administer and secure. Balancing resources between their mission of educating their students and the need for cybersecurity is an ongoing challenge. For cybercriminals, now is the perfect time to cause disruption as students start the term. In order to limit the impact of these attacks, the NCSC has done the right thing by sending out a warning to these organisations and encouraging them to take action.
As the education sector is a huge pool of sensitive data, we recommend all institutions plan for cyber resilience to protect their IT infrastructure and data regardless of the recent increase in risk. Often, precious data is sat on individual students’ laptops/desktops as well as institutional servers, so monitoring of access related to personal devices and the massive challenge of stolen credentials can pose real difficulties for IT departments, along with the backing up of this data. Cloud-hosted solutions can help greatly here if deployed in good time.
Staff training is also essential to defend against phishing attacks and business email compromise. The training materials used need to be updated continuously to reflect the latest threat trends, and regular simulations should be run to ensure that the training has the desired effect. In summary, educational institutions need to ensure they are not the low hanging fruit that makes easy pickings for cybercriminals.”