The Department for Education (DfE) is set to launch a new tool which allows schools to measure their cyber-security provision after the sector was struck by more than 70 ransomware attacks during the pandemic.
Schools minister Nick Gibb told the National Cyber Security Centre’s (NCSC) CYBERUK online conference today that all schools should take advantage of the provision when it becomes available next year.
The NCSC revealed in March that schools had lost financial records, students’ coursework and Covid-19 testing data during a spike in cyber attacks targeting the education sector.
This alert followed on from a similar warning in September 2020 where more schools were hit by criminals.
Gibb said since the beginning of the pandemic the education sector has seen two periods where the education sector was subjected to “increased targeting by ransomware”.
He said over 70 ransomware cases had been recorded in the sector during this time, as well as additional attacks in higher and further education.
“Not only does this threaten children’s education, it can be really frightening for schools and can distract teachers from doing their jobs”, Gibb warned.
The schools minister said he wanted to help schools “be proactive and on the front foot to improve their cyber resilience”.
“We’re developing a tool for schools to measure their own levels of cyber security and this will provide valuable signposting to a range of advice and guidance that schools can use to make positive changes to their technology environments.”
“We expect to launch this early next year and I would urge everyone to take advantage of it”, he added.
Ransomware is a type of malware which prevents users from accessing their systems or the data held there. Following the initial attack, victims will then receive a ‘ransom note’ demanding payment in exchange for the stolen data,
Cyber-crime protection scheme
The tool is not the only initiative the DfE is developing to help schools combat this new danger.
Academies minister Baroness Berridge revealed last month the DfE would be undertaking a Risk Protection Arrangement (RPA) Cyber Risk Pilot with over 500 schools.
Each school in the pilot will be supported to achieve certification which helps to protect them against 80 per cent of the most common cyber attack, she explained.
Every certified network will also receive £250,000 of commercial cyber cover for a year.
‘We want other trusts to learn from our experience’
Nova Education Trust in Nottingham was among those struck down by a ransomware attack earlier this year.
The trust was forced to shut down IT systems for all 15 of its schools and was unable to provide remote teaching to pupils in the immediate aftermath.
A Nova spokesperson told Schools Week it is now working with the DfE “to shape tangible guidance and support on both prevention and recovery from a cyber attack”.
“We are keen for other trusts and schools within the sector to learn from our experience”, they added.
Since the attack the trust has upgraded its ransomware protection, upgraded back-up to closed based storage and ensured all system linked products are now cloud-based.
It has also worked with experts to develop a quicker recovery in the event of another attack.
This has been done through developing “disaster recovery procedures” and working with commercial partners to test the quality of these protocols.
“Organisations need to recognise that they have to be prepared for another attack”, the spokesperson said.
Schools ‘more dependent on their IT systems’
Ruth Schofield of cyber security experts Heimdal security previously told Schools Week the switch to remote learning made schools more dependent on their IT systems, while security became less of a priority “in the rush to get pupils online”.
Harris Federation, one of the country’s largest academy trusts, was also targeted by hackers earlier this year
“Cyber attacks are crimes and we can’t afford to let our schools or our children be the victims of such crimes”, Gibb added.