Schools are being urged to step up their efforts to guard against cybercrime amid a rising threat of attacks that could lead to pupils’ data being shared on the dark web.
The number of cyberattacks on schools has been growing throughout August, with criminals more likely to strike as the autumn term gets underway, according to the National Cyber Security Centre (NCSC), a part of GCHQ.
In an effort to reduce the risk, the NCSC issued an alert to schools containing a number of steps they could take to keep cybercriminals out of their networks.
Related: College cyberattacks on the rise
Cyber crime: Schools more vulnerable to cyber-attack due to ‘budget pressures’
Viewpoint: ‘There’s only so much teachers can do about online safety’
Ransomware attacks typically involve the encryption of an organisation’s data by cybercriminals, who then demand money in exchange for its recovery.
But Paul Chichester, director of operations at the NCSC, said there has also been an increased incidence of cybercriminals posting stolen data to the dark web.
“It is a known tactic of groups now,” he said.
“Cybercriminals went from stealing the data and selling it online - generally sort of credit-card details - [to realising] they could make more money by extorting people, by encrypting their data.
“And what they’re also finding now is people aren’t paying, so to put more pressure on the victims they’re actually now publishing the data, or samples of the data, on the dark web.”
Asked whether schools had been affected by cyberattacks, Mr Chichester said: “Schools are definitely at risk from this threat. To some degree, the cybercriminals aren’t discriminating in terms of who they’re targeting so they will cast their net very widely and see what they get.
“So yes, definitely, some of the cases that we have been dealing with - that law-enforcement colleagues particularly have been dealing with - do relate to schools.
“They relate to…all sectors, so primary, secondary, tertiary, further education and universities.”
And he warned that data stolen from schools could subsequently end up on the dark web.
“There’s always been a sort of threat of cybercriminals stealing personal information, if you like, to make money - personal information of adults,” he explained.
“But in this instance, what we’re seeing now is cybercriminals publishing some of the data they’re stealing on the dark web. So they’re selling that information.
“So from a safeguarding point of view, this is a really important issue.”
He added: “This is a threat to [schools’] operational functioning, so not being able to run the school, not being able to admit pupils at this time of year. But also, it’s a threat to the data that they hold.
“What we really don’t want to be seeing is sensitive details of children and things like that being published on the dark web.”
Mr Chichester said it was “really important” for organisations across the education sector to understand the “tangible impact” this could have on them.
“We’re well aware of how busy schools and colleges…are at the moment, they’ve got a lot on,” he added.
“But the reason for doing it now is that they are probably at most risk - in that they’re back to term, they’re back trying to get things up and running again. We know cybercriminals target victims in this situation - at what they hope is their weakest moment.
“So the sector is particularly vulnerable at the moment, and I think that’s why we’re really keen to get the message out there that there are simple things that they can do, that they can understand.”
The NCSC urged schools to take immediate steps to ensure data is backed up, with copies also stored offline. They should also read the organisation’s newly updated guidance on mitigating malware and ransomware attacks, it added, and develop an incident-response plan that the school would then regularly test.