Ransomware attacks, even in the education sector
Many organisations hold sensitive data. Just as some improve defences and get more secure, others become more prone to attack by hackers seeking out valuable yet vulnerable low hanging fruit. This was highlighted late last year with attacks reportedly carried out against schools, by an organisation called Vice Society. It was reported by the BBC here and described in this FBI alert.
In summary, like a number of other education sector participants, Pates Grammar School in the UK was targeted by the hacking group back in October 2022. It was widely covered in the press at the time but the BBC has now identified documents on the dark web that relate to a further 13 schools.
Large organisations might have the resources necessary to protect themselves; but any organisation can be targeted by ransomware whether they have the resources to defend themselves or not. The next victim might not even see their data as particularly sensitive or valuable to hackers, but a crippling ransomware attack could still leave their operations in severe jeopardy.
In the case of schools, breaches can threaten children’s safety and leave their identities compromised for the rest of their lives. So it’s critical that their personal data is protected by those charged with that task.
The conclusion is quite clear. All organisations, even schools, need to ensure that at the very least they have the basics, including cyber defence best practices, in place for:
- password hygiene;
- administrative account management;
- controls on software and application use; and
- multi-factor authentication for remote access.
Knowledge is key
To quickly and easily understand your level of cyber risk can be tricky. Threats and technologies evolve all the time, vulnerabilities are continuously emerging and account access invariably needs changing. So, you need to remain aware. This is complicated in an educational setting, where the number of new starters and those leaving every year makes the process of managing IT system users a particular challenge.
We now know that the processes to measure and manage the state of security controls can’t be left to chance. Many organisations, however, just don’t have the resources or skills to effectively perform these fundamental operational tasks; and bringing in expert consultants can be very expensive, certainly if it’s done with any kind of frequency.
To find out more about Huntsman’s Security’s SmartCheck solution to help you measure and manage the risks from ransomware click here.