Getting your school ahead of the cybersecurity curve in 2023

Getting your school ahead of the cybersecurity curve in 2023

Across Australia, and universities are finding that they are increasingly vulnerable to the scourge of cyberattacks.

While cyberattacks can come in many forms, perhaps the most crippling for a school is ransomware, which locks a user out of their computer and seizes all of their files until a financial ransom is paid.

A recent survey by global cybersecurity company Sophos found 60% of both higher and lower education providers suffered attacks in 2021 compared to 44% in 2020.

Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors (4%).

Read more: What to do if your school experiences a ransomware attack

Cyberattacks can also take other sinister forms, as recent incidents show. A Victorian high school was the target of a hack of student and faculty information that led to the impersonation of the principal in a credit card scam.

More spectacularly in June of this year, hackers streamed explicit content during a school assembly and later in the day sent emails with references to the Holocaust and the KKK to parents and students.

Kevin Dyson, a cybersecurity industry veteran currently serving as the Regional Director for Bitdefender, says in order to win this war, Australia should consider constructing a “Digital Iron Dome” to defend its major utilities, and that private-public partnerships with cybersecurity providers and learning institutions should be a major facet of such an initiative.

“The first step in building this ‘Digital Iron Dome’ is to understand the collective need for security,” Dyson told The Educator. “Organisations of all sizes need to become more cyber resilient – there are options available for all budgets now, but smaller organisations, especially schools, often underestimate the risk of attack by professional threat actors.”

Dyson said many large-scale attacks often start with compromise of a sub-contractor, or other small aspects of their supply chain.

“State-sponsored threat actors target educational institutions – because they collaborate with the private sector, it’s often the easiest method for corporate espionage,” he said.

“Unless we can make effective security available for everyone, not only large corporations and the government, cybercrime will keep growing and becoming more organised. Hand in hand is to ensure stronger collaboration between the private security sector and law enforcement agencies.”

Dyson said some of the largest ransomware groups have been disrupted recently, proving that this is an effective approach to combating cybercriminals.

“In terms of practical steps for schools, they can start by reducing an attack surface, prevent most of the attacks by highly effective prevention security controls, and adopt detection and response capabilities [as a product or as a service]. Multi-layered security is a key at stopping these threat actors.”

“It’s also extremely important for schools to teach critical thinking skills. This is an important life skill that is directly applicable to security. From a young age, they are exposed to online scams, more than most grown-ups realise.”

Dyson said some common examples of this include scams in online video games and virtual worlds, as well as other environments where children are interacting without adult supervision.

“Threat actors are often other children, and motivation can be cyber bullying, like denial of service attacks to gain advantage in a game,” he said.

“Learning how to choose the right security tools, services and support for students on campus and when at home before and after school, combined with the ability to recognise suspicious behaviour, are basics of staying safe in our connected world.”