In mid-February 2022, British journalist Tallula Brogan reported that three quarters of United Kingdom (UK) school leaders feel their schools are extremely digitally vulnerable. This statistic is part of a new study conducted by Cantium Business Solutions in Kent, in the UK, in partnership with Censuswide.
Study authors found that 78% of heads of schools worry about cyber-attacks, although school staff members do not necessarily share this concern. Subsequently, across the country, 12 000 schools could suffer cyber-attacks this year.
Of the 500 school principals surveyed, two-thirds revealed that their schools had been hacked during the last 18 months. Thirty five per cent of school heads said their schools were not adequately protected against such attacks.
Mark Scott, CEO at Cantium, says:
The last year has been particularly challenging for the education sector and it’s clear that the shift to remote learning has left many schools feeling vulnerable and unprepared to protect themselves against cyber criminals.
As the threat landscape evolves and schools continue to adopt digital technologies, it’s important to invest in cyber security measures, education and expertise that can help protect against malicious activity.
Cyber security doesn’t just fall down to the information technology (IT) department, it’s a mindset and level of awareness that helps to prevent cyber-attacks and safeguard staff and pupils.
The Cantium study has pinpointed the East of England, where there are more than 200 independent schools, as being the most vulnerable. Eighty-four per cent of schools in this region have already suffered a cyber attack during the last two years.
Experts say that remote learning patterns that have evolved since the first COVID-19 hard lockdown have increased the possibility of schools being hacked. Head of cyber and innovation at the Eastern Cyber Resilience Centre, detective inspector Fiona Bail, stated that:
Cybercrime continues to increase and unfortunately there is no evidence that the number or scale of attacks will be decreasing soon.
Education institutions are key targets due to the sensitive nature of the data that they hold, as well as the complexities of the systems involved, which make secure configuration and implementation of controls tricky.
Educational institutions are also easy targets for students who are experimenting with their cyber skills, so being able to identify and nurture technical talent is a problem which other businesses may not have to face.
COVID-19 has already placed huge demands on the education sector and having a cyber-attack occur, losing access to key files and data, or being unable to teach, is a situation that no one wants.