A government cybersecurity survey identified the education sector as one of the most statistically at risk, with considerably more schools, colleges and universities identifying breaches or attacks in the past 12 months than most other employers of work.
The investigation conducted by the Department of Digital, Culture, Media and Sport (DCMS) found that 70% of secondary schools, 88% of higher education colleges and 92% of higher education institutions surveyed had identified a breach or attack in the year to January 2022. These figures are in stark contrast to 39% of UK businesses.
Phishing was the most typical form of attack on schools, colleges and universities, the survey responses suggest. Email posing as others, viruses such as spyware and malware, and denial of service attacks were the second, third and fourth most common threats.
While respondents noted far fewer cases of ransomware and user account takeover, as many as 18% and 26% of universities detected these breaches, respectively, highlighting the multifaceted nature of the threat IT managers face in HE. .
62% of universities reported violations or attacks at least weekly, far more than colleges or schools. According to the survey, 71% of universities have had “a negative result”, such as loss of data or money due to an attack in the past 12 months.
Nearly nine out of 10 universities were adversely affected by an attack, even though there was no “material impact”: 76% wasted staff time dealing with the attack and diverted future resources to counter future threats.
Respondents included 198 primary schools, 221 secondary schools, 34 FE colleges, and 37 higher education institutions.
The findings suggest that the education sector has recognized the growing threat faced.
Each university and college and 98% of secondary schools that responded to the survey said senior managers and governors were involved in the challenge, compared with 82% of UK businesses.
Two-thirds of schools and nine out of 10 universities have dedicated senior executives responsible for managing cybersecurity. But primary schools have lagged behind other areas of the education sector, the survey found, in nearly all categories of readiness and awareness.
For example, while 95% of universities and 65% of secondary schools have specific tools for monitoring cybersecurity, this figure drops to just 41% of primary schools. Likewise, secondary schools were more than twice as likely to have commissioned a cybersecurity audit than primary schools.
According to the survey, schools, colleges and universities were 10 to 20 percentage points higher than companies for implementing the government’s five core cybersecurity practices. These include firewalls that cover the entire IT network, restricting IT administrator and access rights, and security controls on all devices.
The survey suggests that primary schools were the most likely to have rules for the secure storage and movement of personal data, one of the few areas where they outperformed the rest of the education sector.
The government wants more education institutions to engage with its 10-Step Cybersecurity Guide, a checklist that includes risk management, training, and data security. Although more than nine out of 10 surveyed schools, colleges and universities engaged in guidance, only 12% of primary schools and 19% of secondary schools engaged in all aspects.
Nelson Ody, product manager for cybersecurity at RM, said the DCMS survey “reminds us of all the ongoing risks schools face.”
“My advice for educational institutions would be to focus on adopting the correct basic approach. This includes making multi-factor authentication (MFA) a must for all staff, having the necessary email protections, such as domain-based message authentication, implementing Reporting and Conformance (DMARC), having protections and endpoint software up-to-date and well-managed updates underway within two weeks of release, “he said.” Most importantly, all of this needs to be combined with outreach programs for staff and students, testing them through various simulations. After all, informed individuals they will be another asset to keep attacks at bay. “
To know more: UK government unveils new cybersecurity strategy
The DCMS survey highlights the huge cybersecurity challenge for the education sector
Source link The DCMS survey highlights the huge cybersecurity challenge for the education sector