Colleges could find themselves having to close campuses temporarily and having their reputations adversely affected if they do not protect themselves from cyber attacks, not-for-profit edtech company Jisc has said.
This comes after the National Cyber Security Centre (NCSC) today warned of an increase in ransomware attacks and said it had dealt with a significant increase in attacks since late February, when colleges and schools were preparing to welcome students back.
Jisc’s executive director of e-infrastructure Steve Kennett said he could not emphasise strongly enough how important it was for colleges and universities to heed the advice from Jisc and the NCSC to ensure their systems were patched and up to date.
Exclusive: Schools warned of ‘increasing’ cyber attacks
Background: Not had a cyberattack? It’s a case of when, not if
FE cybersecurity: Drop in DDoS attacks during lockdown
“The consequences of not doing so will be very serious, including the loss of all key systems. Members that have suffered attacks have found it very difficult to function. Some have been forced to temporarily close their campuses and all will be feeling the financial, logistical and reputational effects for some time to come.
“Like all sectors, the education and research community needs to work constantly to respond to threats and reduce the risks by building strong defenses. Right now, that means following the NCSC’s ransomware advice.”
The NCSC, which is a part of GCHQ, has today published an alert to education establishments warning of an increase in ransomware attacks and setting out steps they can take to keep criminals out of their networks.
The NCSC said it had dealt with a significant increase in the number of attacks since late February, when establishments were preparing to welcome students back in the classroom. It added there was no reason to suspect the same people had been behind each attack.
‘Defence in depth’
The NCSC’s advice includes a number of practical steps which can be taken as part of a “defence in depth” strategy, from installing and enabling antivirus software to having up-to-date and tested offline back-ups.
Paul Chichester, director of operations at the NCSC, said: “Any targeting of the education sector by cyber criminals is completely unacceptable.
“This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.
“We are committed to ensuring the UK education sector is resilient against cyber threats, and have published practical resources to help establishments improve their cyber security and response to cyber incidents.”
Figures provided by Jisc last year showed there had been a drop in the number of cyberattacks on colleges. While the two months between 20 March and 20 May 2019 saw 100 so-called DDoS attacks - “distributed denial of service” attacks designed to disrupt and/or bring down a network by flooding it with data - targeting 33 UK colleges, the same time period in 2020 saw only 26 such attacks targeting 15 colleges.