Towards the end of 2018, and throughout these first few months of 2019, we have seen a huge rise in cyber attacks on the education industry - but why are they such a big target for hackers?

One of the key reasons is that schools hold very valuable data in comparison to typical corporate businesses - this may come as a surprise, but a credit card can be sold on the black market for just a few pounds, but exam results, medical records, research studies, and more can often be sold at a much higher amount to the right buyer.

On top of this schools are deemed ill-equipped to deal with these advanced threats by hackers as so many schools are still relying on more basic traditional security solutions - often due to spending limitations and small IT teams carrying the burden alone.

 

Recent Cases

Last week it was reported that The Sir John Colfox Academy in Bridport suffered a Ransomware infection initiated by a single staff member mistakenly opening a Phishing email, which claimed to be from a colleague at another Dorset school.

Although the majority of school and student information was left uncompromised as far as we know, the GCSE coursework submitted by Year 11 students for an entire subject was completely lost.

-

In late December last year a Phishing campaign was sent to the parents of various schools, using account compromise to make the message seem legitimate.

One school that experienced this attack was Newcastle's Royal Grammar School, who had an email sent to parents offering a 25% discount on school fees when paid in Bitcoin as a one-day-only offer. This email was sent from the official email address of the school's bursar, which could have been enough to fool many users, but the school were lucky enough to spot these emails early and send a warning to parents - if any of the parents had fallen for this scam they would have lost at least £10,000 with no way to recover it.

 

Government Warnings

At the start of this month the Education and Skills Funding Agency issued an update warning schools of this increased targeting of the educational sector, stating:

"We are aware of a significant increase in incidents of cybercrime against academy trusts in the past year and that some of you have already experienced incidents of fraud. You should therefore have addressed potential internal control and procedural weaknesses to reduce further risks arising."

This increase in cyber-crime is displayed through data from the Information Commissioner's Office, which reports a 69% increase in reported cyber attacks on schools when comparing Q3 of 2017 and 2018 - which has no doubt continued to grow since.

 

How Altinet can Help

Altinet Managed Email Security

Our Managed Email Security Gateway includes spam and virus blocking, email continuity, DoS prevention, link protection, encryption, and policy management – combined to deliver a complete solution.
Not only do we provide a fully managed email security solution, our technology includes real-time threat protection for advanced threats. This technology combines behavioural, heuristic, and sandboxing technologies to protect against targeted attacks. 

Research PaperPhishing Attacks: The Evolution & Trends of 2018

Case StudyWellington Academy Case Study

 

Barracuda Sentinel

Barracuda Sentinel combines artificial intelligence, deep integration with Microsoft Office 365, and brand protection into a comprehensive cloud-based solution that guards against business email compromise, account takeover, spear phishing, zero-hour threats and other advanced attacks.

Sentinel’s unique approach does not rely on static rules to detect targeted attacks— it relies on historical statistics of each organisation to determine with a higher degree of accuracy whether a certain email is part of a socially engineered attack or account takeover.

Case StudySpring Arbor University Case Study Solution BriefSolution Brief: Top 3 Impersonation Attacks