We often hear about the big cyberattacks that happen to large organisations. Less often do we see local attacks being publicised. This isn’t because they’re not happening – the stories are not deemed newsworthy by the mainstream media.
However, we’ve recently seen a cyberattack on Isle of Wight schools being reported on.
Six Isle of Wight schools were impacted by a ransomware attack at the end of July. Whilst, as is the norm, details on the attack are scant, it would appear that the schools’ data has been encrypted and a ransom demanded for its return.
Cyberattacks of this kind highlight how low cybercriminals are prepared to go. Three of the six schools are primary schools and all could be forced to delay opening in September. It would appear that the ransom is not being paid, as a spokesman for Lanesend Primary reported that they cannot and will not be able to access their data again; “As you can imagine, the team now have hours, days and months of work ahead of them to recreate the information that has been lost”.
On this occasion no one is a winner – there are only losers. The hackers haven’t received their ransom and the schools have a huge additional burden. After the 18 months that schools have had, this really is the last thing they need. Plus, we all understand that educational budgets are limited and this attack will add even more strain.
This attack is not the first attack on UK educational establishments this year, which raises the question: “Why?”
It’s hard to understand why cybercriminals would target organisations that are not known for their high financial worth. Maybe it’s simply ease?
Schools have so many priorities. Obviously, keeping children safe and educated is their main focus. This year they will have had the added pressure of maintaining ‘bubbles’, teaching both online and in the classroom, dealing with staff absence, etc, etc. It’s pretty clear that their attention will NOT have been on IT security! Additionally, it’s fair to assume that many schools will be using IT kit that is not the latest. All these factors make them a target. Whilst criminals may not achieve gains on all occasions, they know that it’s a numbers game – they will get paid sometimes and schools are an easy target.
There are lessons that we can all learn from this cyberattack:
- Everyone is a target – cybercriminals do not have a conscience
- Old IT kit is easier to hack
- Recovering from an attack is more time consuming than preventing one in the first place
- Cyberattacks are expensive
- IT security needs to be a priority
- Reputational damage is a factor
- There are many losers, in this case young children
How can you prevent a similar attack?
There are many areas of cyber security to consider, but maintaining up-to-date kit, with the latest updates and upgrades, is a good place to start. We understand that this involves expenditure, so we would recommend having an IT Strategy in place. Budgets can then be set for regular IT replacements, ensuring IT kit is always within warranty and is able to handle the latest security updates.
Introduce an IT Security Policy that is well-communicated and maintained. This can include details such as how passwords are handled, the use of Multi-Factor Authentication, how data is backed up, eliminating the use of ‘Shadow IT’ and which IT security software is used. All relevant staff need to be trained in good IT security practices and be aware of how their actions can impact security.
Ensure your supply chain also maintains adequate IT security measures – without them they are putting you at risk of attack.
Talk to trusted IT security specialists. They will get under the skin of your organisation and advise on the layers of protection that you need to add.
Unfortunately, no one is immune from attack, and even IT security providers have been targeted. But we all need to be aware of the risks that we face, and put as many barriers in place as possible.
For more information on cyber security and how to minimise the risk of attack, talk to Net Primates. We place IT security at the core of our business and will advise on measures to help keep you safe, efficient and productive. We’ll also run through the benefits of Office 365 Enhanced Security, which gives vital layers of IT security in addition to the suite of Office 365 applications.