Education

At a time when the global threat of cybercrime is widely acknowledged as a standard business challenge across all sectors, education is consistently recognised as one of the most likely to experience a malicious cyber-attack.

There are a range of motives for attacking the education sector.

Education cyber-attack data

A report from the National Cyber Security Centre (NCSC) in November 2022 confirmed an estimated 90% increase in cyber-attacks targeting the UK education sector, in the preceding 12-month period.

In addition, a survey by Cantium (an IT service provider) in 2022, makes alarming reading. The survey of 500 UK headteachers, school IT professionals and teaching staff, found that:

  • 37% of respondents (including school staff and IT professionals) “do not rank cyber security as a high priority”
  • This could mean almost 12,000 schools are at greater risk from a cyber-attack in 2023
  • 66% of UK schools had suffered a cyber-attack in the last 18-months; and
  • Only 35% felt strongly that they were “well prepared to protect their school against malicious activity in the future”

Why schools?

Research by Intel elaborates on why improved cybersecurity is so important in education:

  • One in three education devices contains sensitive personal data
  • The volume of personal data stored by schools/colleges/universities is usually high (especially when schools share systems or are part of multi-academy trusts)
  • In a study of 5,400 IT decision-makers across 30 countries, those working in education are the most likely to admit security weaknesses
  • 44% of IT managers in the education sector have experienced a ransomware attack (higher than healthcare, IT and local government)
  • 87% of educational establishments have experienced at least one cyber attack

Seasonality

Seasonality and a focus on ’peak periods’ play a big part in the deliberate timing of cyber-attacks on most sectors, and education is no different. The trend of attacks in August and September 2022 was significant and we can expect to see a continual cyber-attack focus during the following times:

  • School holidays and half terms
  • Exam periods
  • End of school year/term
  • Beginning of school year/term
  • Weekends

Attackers know when school staff will be working under pressure, or if the school will be operating at reduced staff levels, and that`s when cyber diligence is reduced – making the chances of a successful attack, much higher.

Next Steps

The education sector has become an ever-rising target for malicious cyber-attack, for a variety of reasons outlined in this report.

Leaders and educators must adopt the mindset that it is a question of “when” an attack will take place, rather than “if”, and that this could manifest not only as a direct attack on their school, college, academy, MAT, college, or university – but also via their critical supply chain and/or trusted stakeholders.

Further Information:

To find out how our team can support your school, college, or university to improve its cyber defences and reduce the likelihood and impact of a successful attack, contact us today: info@mooreclear.com

Get in touch

Get in touch with our expert education sector specialists now.

Contact our experts

Key Contacts

View a list of our team and their experience now.

View Team
  • Certified Information Systems Auditor
  • Certified Information Security Manager
  • Certified Information Systems Security Professional
  • In association with National Cyber Security Centre
  • Cyber Essentials
  • Cyber Essentials Plus
  • IASME Cyber Assurance - Level Two
  • IASME Cyber Assurance - Level One
  • An ISO 9001:2015 Certified Company
  • Official Supplier to National Care Association