Freely subscribe to our NEWSLETTER

Comment attributed to Chris Vaughan, AVP - Technical Account Management, EMEA at Tanium:

“While it’s awful to see sensitive data linked to young pupils and school staff leaked online, it has become more common in recent months. The Vice Society hacking group is responsible for this latest attack and it has also been behind a high-profile string of security breaches targeting schools in the UK and USA. This includes stealing 500 gigabytes of data from the Los Angeles Unified School District. We know that the group is motivated by financial gain because it makes demands for money before leaking the sensitive documents if payment is not made.

This attack is another reminder of how cyber attackers are becoming increasingly more targeted and sophisticated with their methods of attack. If sensitive school data falls into the hands of malicious actors, there is no control on where the data might end up and what it might be used for. It’s vital that education institutions are aware of the simple steps that can be put in place to avoid a data breach from occurring. This includes ensuring that they have a complete view of the devices connecting to their IT environment and securing cloud networks to block unauthorised access to pupil and staff data. This will help them identify any weaknesses that could increase the likelihood of a cyberattack being successful, such as unpatched devices or IT users adopting risky behaviours. Another measure that will help negate these attacks is a thorough cybersecurity training programme for staff. This may seem obvious, but many security breaches start with a user clicking on a malicious link – often in a phishing email. With such sensitive data being stored, it is an essential requirement for organisations to follow these steps, to have greater visibility and control over their data and minimise the likelihood of breaches occurring again.

In summary, it is imperative that schools adopt best practices in cybersecurity by ensuring they have complete visibility and management of the devices connected to their networks. However, a lack of skilled resources makes it difficult to achieve this and to address the other requirements of a successful cyber security program.”

Comment attributed to Johan Dreyer, EMEA Field Chief Technical Officer at Mimecast:

“It’s saddening to see the increase in educational institutions being targeted & becoming the victim of cyberattacks. Cybercriminals are targeting the sector that’s well known to collect large volumes of sensitive data which, once obtained, can be held for ransom and often sold on the dark web.

It is essential all organisations adapt to the increased adoption of cloud services by implementing strong cyber hygiene practices. These include measures such as cybersecurity awareness training for staff & students, strong email protection, good password management with multi-factor authentication and ways to keep their sensitive data secure.

I would encourage education institutions to roll out mandatory cybersecurity awareness training to inform both students and staff of the role they can play in preventing such attacks as well as reinforcing the layered approach to cyber security. Our research shows that ransomware attacks cause an average of three days of system downtime in organisations that are targeted. Such downtime in an educational setting would significantly impact the quality of learning that staff can deliver to students – something that would be very unfortunate especially considering our current circumstances. Additionally, since many schools and colleges handle the data of young people and children – this information is sensitive, so the importance of their data being adequately protected is crucial.”