Lessons from cyber attacks on the education sector

Education sector cyber attacks: how can we protect our schools from ransomware?

In 2023, schools saw a noticeable surge in cyber attacks. Various institutions across the US and UK have been targeted by hackers who steal information, extort money, and shut down networks or systems.

Learning from these incidents can help boards, directors and governors, and cyber security experts respond to the current threats in today’s digital landscape.

Cyber attacks can close schools

Incidents, what incidents?

Because schools are smaller organisations, attacks on them sometimes fly under the radar. But as academic institutions become more dependent on IT systems and digital solutions, they become more vulnerable to cyber attacks. Here are some examples of events that happened within the year:

London, UK

Just this September, Highgate Wood School in North London was shut down after its computer systems were hacked. This was a type of denial-of-service (DoS) attack that prevented the school from accessing critical programs. Thankfully, the school’s headteacher said that they “are extremely confident that [their] data has not been breached.”

New Jersey, US

Administrative employees of the Bridgewater-Raritan district in New Jersey suffered a data breach in February 2023. Their Social Security numbers, names, and other sensitive information were accessed by an “unauthorized actor.”

Germany

The Kaiserslautern University of Applied Sciences in Germany had its entire IT infrastructure taken offline in June 2023. Around 6,200 students and staff were affected after the encryption attack. While there haven’t been reports that sensitive information was stolen, the school still had to shut down computer pools and its library to avoid further complications.

These are just a few examples. In the US alone, there has been an uptick of 17% in ransomware attacks in the first quarter of 2023. This trend has prompted the White House to hold a summit to help address the problem.

Learning the methods of hackers

While the specific reasons and methods for each attack vary, here are the common methods used by cybercriminals:

Exploitation of Program or System Vulnerabilities

Computer applications and programs are not perfect, and many need regular updates to patch security vulnerabilities. Unaddressed vulnerabilities can be exploited by hackers, allowing them to access the system without the owner knowing. This practice may have enabled hackers to shut down the entire IT infrastructure of Kaiserslautern University of Applied Sciences. After hacking into the system through a vulnerability, they may have encrypted the system without interfering with normal computer function, allowing them to work without detection.

Using Compromised Credentials

Compromised credentials are usernames, passwords, and other login information that have already been stolen or exposed to cybercriminals. These can be taken via phishing emails, data breaches, and credential stuffing. Because a large number of users may not have a good grasp of information security practices, institutions become more vulnerable to compromised credentials. Hackers can steal these details and pose as the user, enabling them to access the system and shut it down, like in the Highgate Wood School case. However, there is no evidence that compromised credentials were the cause of the school’s attack, as no more details have been released at the time of writing.

Phishing

Phishing refers to the use of social engineering to manipulate people into divulging sensitive information, like passwords and answers to security questions. In 2020, a Texas school district lost $2.3 million after criminals contacted individuals while posing as trusted entities. Based on the investigation, phishing is also seen as the most likely cause of the Bridgewater-Raritan district cyber attack. The unauthorized actor used phishing tactics like pretending to be a trusted individual to gain the trust of users, making them more likely to reveal confidential information.

Crisis management by the schools

Each school experienced a specific type of attack, so there is no single approach to help address each crisis. However, the following are the common methods each school used to mitigate their incidents and avoid issues in the future.

  • Shutting Down Systems: Highgate Wood School and other schools that experienced an attack immediately shut down the compromised systems to stop the hackers and contain the attack.

  • Communication With Stakeholders: Another practical step that the institutions took was to inform students, staff, and other stakeholders about the event. With their awareness of the incident, these victims could start taking proactive measures to prevent identity theft, fraud, and other issues.

  • Creating an After-Action Review: According to a guide published by the US Department of Education, schools can create an After-Action Review. This involves a six-step planning process that helps schools create a more robust plan against future cyber attacks.

What was the impact of cyber attacks on schools and learners?

  • Financial Loss: According to a US Government Accountability Office report, a school may lose up to $1 million per incident.

  • School Suspension or Closure: Schools may close because of a cyber attack, especially if many of their processes rely on computer systems. Highgate Wood School delayed their return to school after they were targeted.

  • Leak of Confidential Information: Data breaches can result in information being stolen and sold. This has already been documented in several instances, with many students experiencing traumatic events because of their exposed data.

Controls and measures to implement to resist cyber attacks

Schools and companies work similarly, especially with regard to handling large amounts of sensitive data. That is why these school cyber attacks must be regarded as lessons for board members, cybersecurity departments, and leaders.

  • Phishing Training: People are often exploited during phishing attacks. Having strong training for your employees can help them identify scams and phishing attempts in emails and other modes of communication.

  • System for Software Updates: Organisations must have a system in place to ensure regular updates and vulnerability patches for their software.

  • Robust Data Management Policies: Gathering, using, and storing data should be accompanied by strong access control protocols, encryption methods, and backup systems.

Are you ready for cyber attacks?

The trend of increasing cybercrimes against schools is alarming, and businesses — big or small — are also targets. What measures are you taking to resist ransomware attacks, phishing scams, and similar methods? Answering this question can help us adopt a more robust approach to cybersecurity.


