zephyr_p - stock.adobe.com

NCSC steps up ransomware support for schools and universities

New alert and updated guidance comes after several academic institutions were targeted in ransomware attacks

The National Cyber Security Centre (NCSC) has issued a new cyber security alert to the UK’s education sector as schools, colleges and universities reel from a spate of ransomware attacks. It is offering revised advice and guidance to the sector as it struggles to get back on its feet following the Covid-19 outbreak.

The NCSC said it had recorded a rise in attacks – including, notably, a ransomware attack on the University of Newcastle – in recent weeks as cyber criminals turn their attention to institutions that are rather more focused on getting students back into learning environments safely following months of disruption.

“This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible,” said NCSC operations director Paul Chichester.

“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.

“We are absolutely committed to ensuring UK academia is as safe as possible from cyber threats, and will not hesitate to act when that threat evolves.” 

The NCSC’s new alert supplements existing guidance that applies equally to any other industry, and academic institutions are advised to taker immediate steps to ensure their security, most critically ensuring that data is backed up and stored offline.

It also includes advice on what governing bodies and trustees should ask school leaders to improve a school’s understanding of cyber security risks, and how best to cascade cyber security guidance down to front-line teaching staff.

“As the last six months have shown us, it has never been more important for colleges to have the right digital infrastructure in order to be able to protect their systems and keep learning happening, whatever the circumstance,” said David Corke, director of education and skills policy at the Association of Colleges.

“This needs a whole college approach and for a focus wider than just systems. It needs to include supporting leaders, teachers and students to recognise threats, mitigate against them, and act decisively when something goes wrong.

“This guidance will prove incredibly useful for colleges to ensure that they can do just that.”

Steve Kennett, executive director of e-infrastructure at Jisc, added: “Jisc welcome the NCSC support in dealing with the current spate of ransomware impacting the UK education and research community.

“We encourage everyone to review the latest guidance from the NCSC and take the time to assess the risks to their organisation.”

Read more about ransomware

In August, the results of 134 Freedom of Information queries published by PR agency Topline Communications highlighted the scale of the threat to academia. The agency found that of 105 UK universities that responded, 33% said they had been subject to a ransomware attack in the past decade, and 45% declined to answer the question, suggesting the true figure may be much higher.

Sheffield Hallam and City, University of London stood out in the data, reporting 42 attacks since 2013 and seven since 2014, respectively.

Proofpoint international cyber security strategist Adenike Cosgrove said: “The education sector has been something of a powder keg for a very long time. Education institutions hold masses of highly sensitive data on individuals, perhaps more so than any industry outside healthcare. Along with personal information such as name, address and date of birth, there is also the potential to hold payment details, ID, health records, and much more. This trove of information puts a target on the back of every good-sized school, college or university.

“Also, like medical institutions, education centres must maintain short- and long-term continuity. Cancelling exams, writing off grades and cutting off services is not an option, and cyber criminals know this, which also makes the sector one of the most targeted by ransomware attacks.”

Chris Goettl, senior director of security product management at Ivanti, added: “Ransomware is most effective when the attacker can cause significant pain and create a sense of urgency. The fact that many institutions are in remote or hybrid learning will contribute to the pain and urgency that come with these attacks. If digital disruptions are frustrating in normal circumstances, they are catastrophic in times of distance learning.”

Read more on Hackers and cybercrime prevention