In recent years, instances of cyberattacks against schools have been on the rise, putting sensitive student data at risk of hackers. However, in 2020, as the entire education system was transitioning to remote learning, the risks ballooned.
Hackers have capitalised on the chaos caused by this transition by finding new ways to attack students and teachers who are now more vulnerable than ever.
On Thursday, this threat was put in the spotlight when the NSW Department of Education was hit by a cyberattack, just hours after it was announced that the state’s schools should prepare for remote learning in the wake of the extended COVID-19 lockdowns.
NSW Teachers Federation president Angelo Gavrielatos said the attack would have “an incredible impact” on teachers and principals across the state.
"It means that they cannot access any information, not even the guidelines for operation next week, they can't access their emails, can't access their calendars, can't access teaching materials, can't access Zoom,” Gavrielatos said, adding the attack had left school staff in "a state of paralysis".
With education being one of the most breached sectors when it comes to cyberattacks, efforts are underway to ensure that critical data held by education departments is more heavily protected.
Cyberattack came as no surprise
Hayley Turner, Director of Industrial Security, APAC at Darktrace, said that while the exact motivations of the attack remain unknown, it is unsurprising that the education department has been targeted.
“With Sydney facing an extended lockdown, periods of online schooling are here for foreseeable future – and the timing of this attack may be no coincidence,” Turner told The Educator.
“With schools due to start a new term next week, the stakes are higher, and attackers know that system operators will be left with little choice but to respond to any accompanying demands to get online schools up and running in time.”
Turner said there is no code of ethics when it comes to cyber-crime.
“The reality is that the education sector, much like healthcare, suffers a shortage in cyber skills and has one of the highest click rates for malicious emails of any industry. Hackers always look for an easy target,” she said.
“As well as restoring online systems, the focus must now equally be on bolstering our defences, and stopping attackers from striking again while the iron is hot.”
Fortunately, says Turner, there are many organisations across the Australian education sector who are effectively building the resilience to combat these attacks.
“These include Girton Grammar School and the International Baccalaureate, who are embracing autonomous AI systems which not only spot threats like ransomware as they are emerging, but instantly thwart them – even when humans aren’t around.”