Commentary from Matt Aldridge, OpenText Cybersecurity, on the Leytonstone School cyber attack
Following the recent news that Leytonstone School had to temporarily close as a result of a serious cyber incident, Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity, offers the following commentary:
“The case of Leytonstone School is interesting, because it is a lack of availability of its Single Central Record (SCR) document, which is a key reason preventing its reopening. This should be a warning for all schools that they should keep separate, safe, offline backups of all key documents (and probably hard copies in a safe), so that they can continue to function if they experience a serious cyber event such as this. A robust, cloud-based backup solution with immutable storage should make quick work of recovering from a situation like this.
Although unfortunate, it’s no surprise that cybercriminals are targeting educational institutions, as they are often large sprawling organisations that are hard to administer and secure. There is an ongoing challenge of balancing resources between their mission of educating students and highlighting the need for cybersecurity. With precious data sitting on individual students’ laptops as well as institutional servers, often criminals deploy their tactics to steal access credentials and get hold of private information.
The attack on Leytonstone School should serve as a reminder that no one is ever too small or too large to be a target for cyber criminals, especially when dealing with personal sensitive information. The key learning lesson here is making sure that not only are your own security processes up to scratch, but also that any third party dealing with sensitive data or accessing your network does so in the right way too. To limit the impact of these attacks, organisations that hold private information should ensure they have clearly defined security policies and procedures to avoid any data leak. This starts with education, which underscores all effective cyber resilience and data protection strategies.
Security awareness training programmes can now inform and educate staff and students on the latest threats in real time, including information security, social engineering, malware, and industry-specific compliance topics. Attack simulations can also be used to automatically send users for re-education should any training issues be identified. The training materials used need to be updated continuously to reflect the latest threat trends, and regular simulations should be run to ensure that the training has the desired effect. In summary, educational institutions need to ensure they are not the low-hanging fruit that makes easy pickings for cybercriminals.”