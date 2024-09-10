Upskilling educators to defend against increasing cyberattacks

September 2024 by Ian Ridsdale, Senior Manager, Public Sector, Fortinet

Cyberattacks on some of the biggest global organisations consistently hit the national newspapers. This is largely due to the obvious financial repercussions and consumer interest. However, cyberattacks on educational institutions tend to fly under the radar a little more.

The cyber security breaches survey 2023 found that a whopping 85% of higher education organisations and 82% of further education institutions identified breaches or attacks. Universities are at particular risk due to having very large attack surfaces for cyber criminals to exploit. Additionally, research and innovation happening at universities can place them firmly in the crosshairs. Gaining access to intellectual property, pioneering research and highly sensitive data makes them a target for attacks across the whole of the UK.

As the digital transformation of education accelerates, it is imperative we upskill educators in both schools and universities to have a fundamental understanding of cyber threats to safeguard both institutional and student data.

Why educational institutions are just as much a target as corporate organisations

Several factors contribute to the attractiveness of educational organisations to cybercriminals. Firstly, they store vast amounts of sensitive data, including personal information of students, faculty, and staff, as well as research data and intellectual property. This data can be valuable to cybercriminals for various illicit activities, including identity theft, financial fraud, and espionage.

Keeping up with the ever-changing threat landscape makes educational institutions a target for cybercriminals who exploit vulnerabilities in software and hardware to gain unauthorised access to sensitive information.

It is also important to note that students, teachers, and staff face the ongoing battle of keeping pace with the latest cybersecurity best practices, making them more susceptible to phishing scams, malware infections, and other cyber threats. Cybercriminals exploit this lack of awareness to launch targeted attacks that can compromise entire networks.

Upskilling teachers and school staff: A necessity, not an option

Given the increasing frequency and sophistication of cyberattacks targeting educational institutions, it is crucial to upskill teachers and school staff to recognise and respond to cyber threats effectively. However, there are challenges associated with this approach, and perhaps most prominent is a lack of prior training. Many teachers and school staff have never received formal training in cybersecurity, making it difficult for them to teach these essential skills to students. This knowledge gap creates a vicious cycle where the lack of cybersecurity education perpetuates vulnerability to cyberattacks.

There are also key issues when it comes to time constraints. Teachers and school staff already have demanding roles that leave little time for additional training. Furthermore, educational institutions often lack the resources to provide comprehensive cybersecurity training programmes, leaving teachers and staff to fend for themselves.

Making it even more complex, cybercriminals are constantly evolving their tactics and techniques, making it challenging for teachers and staff to stay updated on the latest cybersecurity trends and best practices. Without ongoing training and support, they may struggle to adapt to new and emerging cyber threats effectively. This, coupled with the fact that 98% of educational institutions believe increased cybersecurity awareness for all staff reduces cyberattacks, is why Fortinet offers free Security Awareness and Training to all primary and secondary schools across the UK. It’s a service which supports and empowers educators to be aware, stop breaches, protect data, and create a cyber-informed culture.

Preventing attacks: A collaborative approach

To effectively combat cyber threats targeting educational organisations, a collaborative approach involving stakeholders at all levels is essential. There must be investment in cybersecurity infrastructure. Educational institutions must allocate sufficient resources to upgrade their cybersecurity infrastructure, including firewalls, antivirus software, and intrusion detection systems. Regular security audits and vulnerability assessments can help identify and address potential weaknesses proactively.

In addition to upskilling teachers and wider organisational staff, educational institutions should develop comprehensive cybersecurity training programmes for students. By instilling a culture of cybersecurity awareness and responsibility from an early age, we can create a more resilient and secure digital learning environment. It is equally as pivotal to encourage teachers, school staff, and students to share information about potential cyber threats and security incidents openly. Collaboration with cybersecurity experts, industry partners, and law enforcement agencies can provide valuable insights and support in responding to and mitigating cyberattacks effectively.

Stakes too high to ignore

The rising tide of cyberattacks targeting educational organisations is a cause for concern that requires immediate and concerted action. By ensuring teachers and staff have a fundamental understanding of cyber threats and implementing robust cybersecurity measures, we can create a safer and more secure digital learning environment for all. While the challenges are significant, the stakes are too high to ignore. Let’s work together to safeguard our important and necessary educational institutions and in doing so protect the future of learning.