Over three-quarters (78%) of UK schools have experienced at least one type of cyber-incident, according to an audit carried out by the National Cyber Security Centre (NCSC) and the National Grid for Learning (LGfL).
The analysis was a repeat of an audit conducted in 2019, allowing the authors to review the extent of cybersecurity improvements made in schools in recent years.
Including insights from more than 800 UK schools, the report found that phishing emails sent to staff or staff being directed to fraudulent websites was experienced by 73% of respondents, which compared to 69% in 2019. This was followed by people impersonating their school emails (26% versus 20% in 2019), malware infection, including viruses or ransomware on any network-connected equipment (21% versus 30%) and important information being made unavailable, whether short-term or permanently (18% versus 35%).
Just 7% said their school has ever been significantly disrupted by a cyber-incident or attack.
The audit also showcased numerous improvements in security measures in schools. For example, every school surveyed now use firewall protection, 99% use an antivirus solution and 74% use two-factor authentication on their most important accounts.
Additionally, over half (57%) of respondents said they gave regular cybersecurity reports to school leaders/governors and 83% have a cybersecurity policy or plan.
Over half (53%) of the schools surveyed felt prepared for a cyber-attack.
Cyber-attacks on the education sector have ramped up in the past few years, partly as a result of wider attack surfaces brought about by rapid digital transformation programs.
Ransomware is a particular challenge for schools, and in early January 2023, it was reported that confidential data from 14 UK schools was leaked online by the threat actor Vice Society after they refused to pay the group's ransom demands.
Commenting on the report, Bernard Montel, EMEA technical director and cybersecurity strategist at Tenable said: “The education sector has been in attackers’ crosshairs for a number of years now and it's imperative that those tasked with the security of educational institutions take action to strengthen defenses.
“Ransomware gangs will target known but unpatched vulnerabilities in software, such as PrintNightmare. Finding and updating these systems to the latest software version will prevent most attackers from gaining a toehold needed to infiltrate systems. In tandem, finding and protecting sensitive information has to be a priority,” Montel said.