As the summer holiday season comes to an end, schools across the United Kingdom have been gearing up to the new term.
Having had to contend with COVID a few years ago, and this year the threat of crumbling concrete, another worry is playing on the minds of headteachers – that of cyber attacks..
In the last few days, a number of schools have been targeted by ransomware attacks. One school – Debenham High School, in Debenham, Suffolk said all its computer facilities were offline as a result of an attack and have resorted to using a gmail account for any correspondence.
St. Augustine Academy in Miadstone, Kent is another victim. In an announcement on the 8th September, the academy announced the “sophisticated cyber attack” and advised partnts and carers to change passwords for any devices, and to be vigilant for suspicious activity & emails.
A third school – Highgate Wood School, has had to remain shut for a further week following the school summer holiday due to a cyber attack, meaning disruption for approx. 1, 500 pupils and their families.
An email addressed to parents from the school, read: “With the help of Haringey Council, London Grid for Learning and other external experts in the field of cyber security, we’re doing everything to get our systems and functionality back up and running as swiftly and securely as possible.“
Another school – The Maiden Erlegh Trust in Earley, near Reading has also been the victim of a ransomware attack.
In an open letter to parents, headteacher Paul Gibson said: “We are currently facing some technical issues with our IT systems.
“As a result of this situation, staff at the school do not have access to any teaching resources and very limited access to the technology we have become accustomed to.”
Soft targets
These recent attacks are, unfortunately not new events for schools – the education sector in general has been the target of cyber attacks for many years.
Often under funded, many schools do not have a dedicated cyber security team, and the responsibility for the schools security falls to traditional IT support staff.
In 2022, the NCSC produced a report in association with the London Grid for Learning Trust (LGfL) which looked a cyber security in schools.
The report was the basis of an audit of more than 800 schools and delivered some concerning findings.
- Just over half of schools – 53% – said they felt prepared for a cyber incident
- Staff training of non-IT staff in cyber security was 55%
- Awareness of phishing in schools was 73%
- 49% of schools had included their core IT services in a risk register and/or business continuity plan
- 78% of schools had experienced at least one type of cyber incident listed with 7% experiencing significant disruption as a result
- 21% of schools had experienced a malware and/or ransomware attack and 18% had experienced periods with no access to important information
- 17% of schools had no cyber security policy or plans
- 30% of schools had no contingency or business continuity plans
The report said that schools must continue to focus on improvements to security with 4% having no back-up facilities, 26% not implementing multi-factor authentication and 25% not limiting staff access to USB devices
