The U.K.’s National Cyber Security Centre (NCSC) has warned educational institutions to be vigilant of rising cyberattacks and urged them to follow required mitigation measures. The NCSC’s warning comes after the recent surge in the number of ransomware attacks targeting schools, colleges, and other academic institutions in the country. It was also found that threat actors demanded bitcoins as ransom from the victims, and threatened to expose the stolen data of students if not adhered to.
All the educational institutions have been asked to follow the NCSC’s guidelines to develop an incident response plan to defend against malware and ransomware attacks. “Institutions that have been infected with ransomware have seen their ability to operate effectively and deliver services significantly obstructed and, depending on an organization’s level of resilience, it can take weeks – and in some cases months – for services to return to normal,” NCSC said.
Paul Chichester, Director of Operations at the NCSC, said, “This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible. While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted. We are absolutely committed to ensuring the U.K. academia is as safe as possible from cyber threats and will not hesitate to act when that threat evolves.”
Endless Phishing Attacks
A survey on the state of cybersecurity in the higher education sector, conducted by managed threat detection provider Redscan, revealed that nearly 54% of universities in the U.K. reported a data breach to the Information Commissioner’s Office (ICO) last year. The survey report titled “The State of Cybersecurity across U.K. Universities” stated that around 46% of all university staff received no security training and 24% did not commission a penetration test from a third-party. Defending against the constant stream of phishing scams remains a challenge for all universities. Several universities receive millions of spam and phishing emails each year, with one institution reporting a high of 130 million.
