When COVID-19 hit, the sudden upheaval to remote learning left the education industry exposed. With a shift to complete reliance on technology, cybercriminals and bad actors exploited the increase in digital adoption, beginning what many experts describe as a “cyber pandemic”.
The growing threat landscape
Cybercrime is a billion-dollar business and growing, with significant growth in the cybercrime-as-a-service business model, leading to more agile and powerful attacks. “We have been seeing the professionalisation of cybercriminal organisations for some time now”, explains Jason Nurse, associate professor in cybersecurity at the University of Kent. “Corporate-like structures and slick customer services are becoming the norm.” Indeed, many cybercriminal organisations today operate much like any other business. They compete with each other for customers, or in their case, victims, and fight for the best project managers and leaders to serve in a CEO-like role to help them stay organised and on the task of stealing valuable data and assets. Despite the return to classroom working, schools have remained a firm target. This is echoed by Microsoft, who, when measuring global threat activity, place the education sector firmly in first place, claiming it is the most affected industry of reported enterprise malware encounters.
Government lead the fight back
Any school with cyber security high on their agenda will be familiar with the governmentbacked Cyber Essentials scheme and the DfE mandate for all UK schools to complete the online ‘Cyber Secure’ self-assessment of their cyber and IT credentials. More than just a checklist, achieving Cyber Essentials can be one of the most vital tools schools have to improve their resilience and protect themselves against potential attacks. Implementing the five core controls as outlined in the Cyber Essentials guidelines will eliminate the common security gaps that up to 80% of cyber attacks rely on, as well as helping to demonstrate your school’s General Data Protection Regulation (GDPR) compliance.
How can schools mitigate risk?
The DfE have assisted with information, recommendations and tool-kits to support schools in the fight against cybercrime. However, the harsh fact remains that the onus of responsibility to properly manage their IT and cyber security is on schools themselves.
There are many cyber tools and services available for schools. These can be incredibly expensive for those already navigating tight budgets. In addition, the lack of in-house expertise or capacity to meet growing security requirements means that meeting the DfE requirements can be a challenge for many.
With a shared objective of increasing cyber resilience in the region, Cantium has partnered with the Eastern Cyber Resilience Centre (ECRC), a non-profit organisation backed by the police service to fight cybercrime. Alongside the ECRC, Cantium has created a flexible approach to providing a comprehensive suite of security services to education providers.
Working with schools, academies and trusts for over 35 years, we know that no two places of learning are the same. For this reason, we create a partnership with schools to understand their
budget, resources and individual needs. This enables us to create a tailored approach as we identify and support the seen and unseen vulnerabilities, assist the remediation work and help to create policies and procedures to mitigate risk.
General Data Protection Regulation (GDPR) and Data Protection Officer (DPO) services can also help equip schools with the tools and support to effectively manage the increasingly complex issue of data protection, and free up valuable resources within their teams. As part of our shared objective to improve cyber resilience in the region, we are pleased to offer Kent schools free membership to the ECRC. This provides a wealth of resources such as a step-bystep guide to achieving Cyber Essentials, expert guidance, regular updates, and much more.
Security is a culture and not an IT prescription
Technology can help tackle the cyber threat, and with the right support, it can be easily obtainable and relatively straightforward to adopt. However, this alone will never be enough to secure your assets properly. Adopting new security solutions like cloud security can undoubtedly decrease the chance of falling victim to an attack. However, with humans being the weak link in any cyber security strategy, schools must treat internal and external security with equal weight. Through training and increased cyber awareness, it will be seen as a shared responsibility by all, staff and students alike. Cantium and its partners have a wealth of resources and expertise to help you adopt and foster a culture of security. We aim to provide affordable security measures to help you adapt to the evolving threat level and safeguard data, staff and pupils. If you would like to discuss how we could help protect your school, speak to one of our ICT experts today.