With schools facing growing levels of cyber attacks and limited resources, Jonathan Whitley, Vice President for Northern Europe at WatchGuard Technologies explains that MSPs have the opportunity to shine
It seems a remarkable statistic but according to Microsoft around 80 percent of cyberattacks are currently targeted at educational institutions including schools, colleges and universities. This is based on Microsoft’s Global Threat Activity report that tracks reported enterprise malware encounters in the last 30 days.
While we have always known that education was a key target for cyber criminals, these stats are a wake-up call for those in charge of IT and security. Accelerated digitalisation due to the pandemic and the need to adapt quickly to distance learning has made many schools, colleges and universities more vulnerable targets. With a lack of technology and skills, primary and secondary education was particularly unprepared to meet the new security challenges to protect sensitive information and user privacy, such as the personal information of students, their families and staff on the full range of devices used.
During the pandemic, the UK government’s NCSC (National Cyber Security Centre), part of GCHQ, took the step to issue an alert to the academic sector following a series of online attacks against schools, colleges and universities and urged immediate steps to mitigate the risks and deal with possible breaches.
A large percentage of attacks on schools are ransomware attacks initiated through phishing emails, which typically involve the encryption of pupil, parent and school data followed by demands for money in exchange for its recovery. Other attacks include data theft, DDoS (distributed denial-of-service) attacks, domain spoofing and cyberbullying.
While cyberbullying may not be considered a security threat, according to UNICEF, globally 56.6% of children between the ages of 12 and 24 have been victims of cyberbullying. In more malicious cases, this type of bullying can turn into ‘doxing’, when the bully manages to break into the victims’ email or social media accounts to publish their personal information or use malware to gain access to their location or other sensitive information. Being aware of the problem does not make it go away, it is necessary to educate children and teenagers so that they can protect their online safety. To prevent cyber security breaches, it is also important to educate children, students and staff on how to spot scams and phishing emails and the importance of using strong passwords.
IT security vendors and their channel partners must step up to help education institutions face the growing threats. However, with challenge comes opportunity and many schools, colleges and universities are taking the opportunity to centralise the delivery and protection of IT services through managed service providers.
Adopting a centralised cloud architecture to deliver end-to-end security services provides multiple benefits and with no onsite servers, zero touch deployments and remote monitoring and management, there is no need for costly service visits. Everything from configuring firewalls, to providing endpoint protection, patching, backups or delivering modular security courses for staff, can be provisioned, deployed, managed and reported on via the cloud. It is even possible to set up and secure Wi-Fi networks and VPN connections remotely.
Like all other sectors, COVID-19 changed the face of education forever. IT requirements will continue to evolve and it’s the channel’s responsibility to help facilitate this change and ensure security efficacy is maintained. The best and most cost-effective way to combat the growing threat landscape is through more education and by implementing a layered approach to security delivered and managed remotely.