Education is not an arena that you would think is prone to cyberattacks. It is so critical to the future of, well, everything that you hope it would be exempt.
The latest Sophos report paints a sombre picture of how hackers have exploited the trend in education for homeschooling and remote learning.
In Singapore, one of the main targets for cyberattacks last year was the Ministry of Education itself, while the overall cyberattack figure rose 154% over the previous year.
Education was the top target for criminals, along with retail, with 44% of organisations hit by ransomware attacks.
As Chester Wisniewski, principal research scientist at Sophos, says, “the education sector has long been an attractive target for cyber-attackers. The budgets for IT and cybersecurity can be very tight, with stretched IT teams battling to protect what is often outdated infrastructure using limited tools and resources, coupled with risky end-user behaviours, such as downloading pirated software. All this increases exposure to risk in any year, but in 2020 the pandemic happened, and education establishments had to switch, with short notice, to virtual learning environments, with very little time to think about security or provide basic cybersecurity training for all the newly remote users.”
Over half of the education establishments attacked admitted that the hackers had managed to encrypt their data, and the average ransom payment was around US$112,000. Worse still, of those who paid, a majority did not manage to get all their data back – only around two-thirds were recovered successfully.
That the pandemic has changed the face of how we interact with our digital world is an understatement. Education is seen as a soft target.
The speed at which we all had to head home at the beginning of the pandemic meant that the IT and particularly security teams were caught out and had to move extremely fast to catch up. In fact, many did not and suffered the consequences.
With education in the spotlight, along with fintech and other vital sectors, how we will patch the holes that the pandemic opened is going to be tough. Particularly so as it seems that, even after the pandemic has passed, many will remain working or learning from home, at least some of the time.
The other major problem, of course, is that the swift rise in numbers of attacks has left the security community reeling, stressed and hoping the problem will simply go away. Education, particularly, does not have the budget to raise its defences properly, and it is one area where Governments should do more to help.