Colleges and Universities in the UK targeted by cyber-attacks during the pandemic

Last year, at the beginning of the Covid-19 pandemic, all businesses and enterprises had to continue their work remotely, where most companies already had policy, procedure, and technology that allowed their users to work remotely to protect the companies against Cyber Threats. Whereas, schools, colleges, and universities didn't, and they had to act fast as they were not ready with remote working and teaching. They had to quickly come up with a solution where they can teach students securely and remotely. This led many colleges and universities in the UK being a victim of the Cyber Attacks.

*Image from unsplash

According to a survey by TopLine Comms in 2020 33% of the educational sector have acknowledged being a victim of cyber-attacks in the last year where 45% have refused to provide any details for the cyber attacks. The National Cyber Security Centre (NCSC), part of GCHQ has also launched an investigation into the attacks but is yet to comment or confirm whether the attacks were linked. They have also published an alert to help education institutions mitigate the risk of cyber-attack.

Compared to the businesses, universities and colleges have many challenges due to the nature of the work and access that it requires for the students and staff. This makes it hard for educational institutes to keep up with all the cybersecurity guidelines.

During the pandemic, universities had to act quickly to prepare and use the technologies that they have not fully prepared and tested or understood the use cases and risks so students and staff can continue their study and teaching. This directed attackers to see the opportunity and gaps to target uses with phishing emails and known vulnerabilities in order to compromise their accounts and systems. One of the blogs from Teiss by Tony Morbin, further explains why educational institutes are being targeted and said that "Educational institutions face cyber-threats due to the valuable information and research stored on their networks and the ability for threat actors to use their network infrastructure to launch operations against other targets."

In the last few months, many universities have faced ransomware and cyber-attacks including, the University of Northampton, Newcastle University, University of Hertfordshire, and Portsmouth University. This affected many students and research staff, all teaching was cancelled, students weren’t able to submit their assignments and unable to access their course materials. These universities are closely working with the NCSC and police to support the investigation.

The major cause of such attacks is “phishing” and “lack of cyber awareness training” where users are targeted with a malicious link to gain access to their account and move laterally within the infrastructure to further disrupt the network and deploy the malware on the end-user devices.

Remember that Techforce provide a range of solutions that can stop you worrying about Cyber Awareness Training and Phishing Attacks.

One of our solutions are Cyber Essentials a government backed and industry supported certification for businesses run by National Cyber Security Centre (NCSC). Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to Cyber Security. More than 80% of the successful cyber attacks could have been prevented with the basic security controls in place. Cyber Essentials will help you with exactly that.

Contact us at hello@techforce.co.uk and we can provide you further assistance to make sure that your users are aware of the active threats and protect against emerging cyber-attacks.