Alarm bells were raised again for the education sector this month as the article - Ransomware attack affected websites of 5,000 schools - by CNN writer Sean Lyngaas, revealed the attack against software provider Finalsite, hitting thousands of school websites across (predominantly) the U.S.
However, around 8,000 high schools, boarding schools, and colleges globally use Finalsite software.
Morgan Delack, a Finalsite spokesperson, declared the majority of schools are back online and that "we do not have any evidence to show data has been compromised". Having discovered the ransomware last Tuesday (4th January), the firm took steps to contain the attack, shutting down their network and rebuilding it “in a clean environment”.
Among those affected was The Aquinas Institute of Theology, a Catholic graduate school in St. Louis. In an email to CNN, they explained how the attack had disrupted the enrolment of applicants. "(Our) web presence was definitely interrupted by what happened with Finalsite. Poor timing for us as we are right in the middle of a final push for applicants to our programs, and it's hard to talk to folks about programs when the website with the information isn't working." Jessica Adams, coordinator of graduate enrolment at the Aquinas Institute of Theology.
According to Brett Callow, threat analyst at cybersecurity firm, Emsisoft, the attack was not an isolated incident to the sector, with more than a thousand K-12 schools in the U.S. affected by ransomware in the last three years. He emphasised, "there is no reason to believe that 2022 will be significantly different from previous years in terms of the number of incidents".
Figures in the UK seem to be heading in the same direction, with the National Cyber Security Centre (NCSC) and the Department for Education (DfE) issuing various alerts to the education sector throughout 2020 and 2021.
Highlighting an increase in ransomware attacks against the UK education sector in August/September 2020 and February 2021, the NCSC investigated a continued escalation in attacks against schools, colleges, and universities during Q2 of 2021. Further illustrating the extent of the situation, Check Point Research in July 2021 found the UK/Ireland/Isle-of-Man region to have experienced a 142% increase in weekly cyberattacks.
The need for educational facilities to protect their networks and data has never been so crucial, as the sector sees stark evidence of being targeted by threat actors. With a wealth of valuable data, schools are ripe for the picking as cybercriminals look to steal valuable credentials and cut off access to critical services. In an earlier insight, we identified just how great a threat to the industry this is, with reports indicating that schools were the most vulnerable by far.
According to the CNN article, the Government Accountability Office has called on the Department of Education to “do more to protect schools from hacking threats”.
This perhaps downplays quite how damming the department failures are, as a report published in November by the U.S. Government Accountability Office (GAO), found that the plan for addressing risks to schools was issued in 2010. Clearly, this is now radically outdated and should be reworked with this decade’s cyber risk landscape.
Educational facilities looking to understand their cybersecurity posture and resistance against threat actors can gain a true insight into the security of their networks with cyber risk assessments such as Cyber3. This evaluation looks at the five key areas of cyber risk management (People, Process, Technology, Vendor Management and Data Asset Awareness), giving a comprehensive, yet clear report on cybersecurity posture, with an action plan for improvement. Additional services look specifically at the online presence and what can be seen by attackers looking for their next target. CyberProfiler balances the Cyber3 assessment by doing just this, assessing an organisations’ online footprint to gather the Attacker’s Eye View™. Equipped with both the awareness of how secure their internal networks and data are - and how exposed their internet-facing systems may be; schools gain the knowledge they need to be proactive in their defence against cyberattacks.
“Unfortunately, we’re seeing a growing number of cases affecting schools because they pose an excellent target for fraud with delayed payment processes and often weaker IT security. Often parents pay school fees over the holidays, and so it’s not until the new term begins that issues with these invoices will arise, giving fraudsters ample opportunity to intercept credentials and steal funds. Without adequate staff training or basic security controls such as Multi-Factor Authentication (MFA), criminals can gain access to a schools email systems, typically through phishing attacks, and gain the credentials to divert payments into their own accounts.
“We’re still seeing fees administrated out of electronic mailboxes (often hosted online), and schools communicating with families via webmail, exchanging card details, medical history, and passports. These are incredibly easy for cybercriminals to infiltrate. Parents must be aware of the risks here and telephone the school when they receive payment requests. Until we see schools moving towards better cybersecurity training, regular cyber risk assessments, payment gateways, secure communication portals and MFA, we will continue to see the victimisation of schools.”
Neil Hare-Brown
CEO, STORM Guidance
Learn more about Cyber3 and CyberProfiler
View the websites here: