School cybersecurity in 2023: What’s your incident response plan?

Australian schools are facing a growing threat from cyberattacks, with an increasing number of incidents being reported by educational institutions.

According to a 2022 survey by Sophos, 60% of both higher and lower education providers suffered ransomware attacks in 2021 compared to 44% in 2020.

Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average for other sectors (4%).

Worryingly, Australia’s education industry holds the longest recovery time from cyberattacks, and even when recovering, just 2% of education institutions recovered all of their encrypted data after paying a ransom.

Aaron Bugal, Global Solutions Engineer APJ at Sophos, says when such valuable data is exposed, a well-rounded cybersecurity defence is imperative.

“With cyberthreats continuing to grow in both volume and complexity, most schools shouldn’t be attempting to manage cybersecurity on their own. Instead they should consider investing in cybersecurity as a service to ensure that their school is protected 24/7,” Bugal told The Educator.

“By leaving cybersecurity to experienced professionals, principals are free to do what they do best – educate.”

Bugal said this should include educating students, teachers and parents on how to be cyber aware through regular training and reminders about the dangers of studying online.

“Cyber-savvy staff and students know how to identify a phishing attack, use multifactor authentication and not click on suspicious links, which helps to reduce a school’s risk factor.”

How principals can respond to cyberattacks

Bugal said the first step to responding to a cyberattack starts well before it happens with the development of an incident response plan.

“Many active attacks become overwhelming very quickly. An incident response plan helps school leaders understand the severity of an attack and align roles and responsibilities for remediation,” he said.

“Key elements for an effective response plan include being agile to adapt to evolving threats.”

Bugal said this means including all areas of the school, from teachers to admin, in decision-making and risk assessment; regularly checking for unpatched vulnerabilities and updating them; and engaging third-party help.

“It is also important for school leaders to keep a hard copy of their plan just in case the digital version is impacted in the cyberattack.”

Critical thinking can be a strong wall of defence

Kevin Dyson, a cybersecurity industry veteran currently serving as the Regional Director for Bitdefender, says that in addition to having reliable cybersecurity infrastructure in place, schools should also guard against cyberthreats by teaching children critical thinking skills.

“This is an important life skill that is directly applicable to security,” Dyson told The Educator. “From a young age, they are exposed to online scams, more than most grown-ups realise.”

Dyson said some common examples of this include scams in online video games and virtual worlds, as well as other environments where children are interacting without adult supervision.

“Threat actors are often other children, and motivation can be cyber bullying, like denial-of-service attacks to gain advantage in a game,” he said.

“Learning how to choose the right security tools, services and support for students on campus and when at home before and after school, combined with the ability to recognise suspicious behaviour, are basics of staying safe in our connected world.”

Know who has access to what

Scott Leach, VP of APJ at Varonis, says the rise of cyberattacks on Australia’s education industry highlights just how important it is for organisations to have tight control over their data.

“This means knowing exactly who has access to what, and which data presents the highest risk if it were to be exposed,” Leach told The Educator.

“With cyberattacks increasing in both prevalence and sophistication, it is becoming more difficult for organisations to even detect breaches when they do happen.”

Leach said that in order to prevent increasingly malicious and sophisticated cyberattacks, education providers need to be proactive rather than reactive.

“One of the most important ways to achieve this is implementing a policy of least privilege, meaning that staff only have access to the files that are necessary to do their jobs,” he said.

“By locking down their most sensitive information, education providers and other organisations can restrict the amount of damage that occurs and prevent hackers from moving throughout the network, saving them potentially millions of dollars.”

Leach said this policy is an absolute bare minimum precautionary measure that all education providers need to take.

“This ensures that if a data breach ever does occur, the risk of attackers stealing sensitive files is significantly reduced.”