In this blog, we outline the most common cyber threats facing the education sector and explore key questions like who commits these crimes, what is at risk, where the vulnerabilities lie, and why schools are prime targets. Additionally, we provide practical steps that schools can follow to reduce their risk of falling victim to cyber crime. The information included in this blog is based on 9ine's experience and what our teams commonly see in schools.
Schools today face a wide range of cyber threats, but the three most prominent are phishing, distributed denial of service (DDoS) attacks, and ransomware. These threats are more than just isolated incidents - they often form part of a larger, increasingly sophisticated network of criminal activity targeting schools.
It's important to recognise the two major types of cyber crime that schools should be aware of: cyber-enabled crime and cyber-dependent crime. Cyber-enabled crime is traditional crime that is enhanced in scale or reach via the use of technology. This can include online fraud, grooming, malicious communications, and cyber bullying. Cyber-dependent crime involves a criminal element using a digitally enabled device, such as a computer or smartphone, to target another device. In the latter category, technology is both the target of the crime and the tool to commit it. Examples of cyber-dependent crime can include ransomware, malware, remote access tools, and distributed denial of service (DDoS) attacks.
Ransomware, in particular, has become one of the most devastating cyber-dependent crimes for schools. Hackers encrypt a school’s data and then demand payment to unlock it, effectively holding the institution hostage. When schools rely heavily on digital infrastructure for learning, administration, and communication, these attacks can bring operations to a standstill.
Many imagine cyber criminals as lone hackers in hoodies, hunched over laptops. In reality, most cyber criminals work in highly organised groups that plan and execute sophisticated attacks over extended periods. Some hackers remain hidden in school systems for months, sometimes even nine months or longer, collecting valuable information before striking.
The financial incentives for cyber criminals are staggering. Consider this: if a hacker gains access to a database containing 500,000 email addresses, and even 1% of the recipients fall victim to a phishing scam resulting in a £200 payout, the hacker walks away with over £1 million. This highlights the substantial profitability that drives these criminals.
Detecting a data breach can take months, with the time varying widely depending on the organisation. For example, the entertainment sector averages 287 days to detect a breach, while healthcare industries detect them in around 103 days. Schools, often operating on limited budgets with outdated systems, typically fall on the slower end of this detection spectrum, which makes them even more vulnerable to prolonged attacks. Schools, like any other organisation, need to allocate resources toward cyber security to minimise the time it takes to detect and mitigate breaches. The level of investment in IT systems and cyber security makes a big difference. Read more about the common characteristics of a data breach in our blog, 'How to plan for a data breach in your school network'.
While schools often focus on external threats, internal risks can be just as dangerous. In a survey from TeacherTap involving over 5,000 respondents, 28% of teachers admitted they shared a password. This is just one example of how carelessness among staff can create vulnerabilities. Other sources of internal risk include:
Cyber criminals frequently use social engineering tactics to exploit schools. Social engineering refers to manipulating people into performing actions or divulging confidential information. Common tactics include impersonation, creating a sense of urgency, exploiting a sense of obligation, invoking authority, and using flattery or fear to manipulate the victim.
For example, a hacker may impersonate a trusted authority figure, such as a bank or even the school itself, to trick employees into revealing sensitive information. Urgency is another common tactic, where hackers pressure the victim to act quickly before they have time to scrutinise the request. Phrases like "Your account will be locked unless you act immediately" are designed to evoke fear, pushing victims to click on malicious links without a second thought. The hacker may also try to persuade a victim that they are required to do something, either by law or through some contractual obligations.
Authority figures like school administrators are often targeted because they have higher levels of access to sensitive information. Hackers may craft convincing emails or phone calls pretending to be from an official source to gain access to these privileged accounts. By using friendly and flattering language, they may also put victims at ease, making them more likely to comply with requests.
Hackers gather extensive information about a school’s employees through various means, especially by scraping social media profiles. Employees may unknowingly expose information about their job roles, hobbies, and personal details that cyber criminals can use to craft highly targeted attacks.
In addition, hackers can exploit location services to gain insights into a person’s daily routine or whereabouts. Many apps request access to location data, and this information is often shared with third parties. Smart devices, such as Amazon Alexa or Google Home, also collect data, which may be intercepted by cyber criminals. All around us, technology is recording and monitoring our location. All of this information can serve as valuable intel for hackers plotting their next move, so it’s important to recognise this and protect our digital footprint.
The rise of bring-your-own-device (BYOD) policies has introduced a host of new risks for schools. Teachers and staff often bring personal devices into the school’s network, and these devices may lack proper cyber security protections. Unsecured devices can act as gateways for hackers to access a school’s internal network.
One technique used by hackers is planting USB drives around school premises, hoping that a curious staff member or student will plug one into a school computer. This simple action can give the hacker access to the school’s system. Before disposing of any old hardware like USB sticks or laptops, schools must ensure that all data has been securely erased to avoid leaving residual vulnerabilities. Read more about this in our article, "Cyber Security In Schools; Removable Media Data Loss and Malware".
Reducing your school’s vulnerability to cyber crime requires a multi-faceted approach. Here are several key steps:
Ultimately, schools must accept that cyber crime is not a matter of "if," but "when." By staying informed, investing in cyber security, and implementing a proactive approach, schools can minimise the damage when an attack does occur.