Navigating Datacentre Storage Challenges03/10/2023
Automating the JML Process in a Remote Working World with IA-Connect09/10/2023
Businesses are not the only Targets…
Over the last 12-18 months, many sectors of society, specifically the public sector have found themselves vulnerable to significant disruption from Cyber attacks. A global survey of School IT professionals conducted by security company Sophos found 80% of schools had suffered a ransomware attack, an increase from 56% in 2021 indicating both higher and lower education establishments are prime targets.
Major organised criminal gangs are no longer only targeting wealthy individuals or businesses they are going after education and perhaps from a combination of poor Cyber security practices and a willingness to pay ransoms, schools, colleges and universities are becoming prime lucrative prey for criminals.
Schools are not the only public service to attract the attention of the criminal gangs but what is clear is that cybercrime is now starting to impact us far more as a society.
We Don’t Need No Education…
Roger Waters suggested in 1979 that education was not something he needed however most people would consider education a privilege and therefore deserves the strongest protection possible. In reality, the education sector probably suffers the same shortcomings as many other public services. Several examples in recent memory highlight not only the type of confidential information that can be leaked as a result of an attack but also the disruption to our children’s education when schools cannot function when their critical systems are taken offline.
In 2022, 14 schools in the UK were targeted and when the ransom was not paid, leaked information occurred that included staff pay scales, staff contracts, pupil passport scans and SEN information amongst other pieces of sensitive information. Although the institutions affected by this breach declared the disruption to be minimised, the nature of the information leaked would have no doubt caused significant distress to the well-being of individuals associated with any of these institutions due to the risk of follow-on attacks to students, and/or faculty staff if contact information was included. If a hole now existed in their defences, these schools would then be scrambling to plug these before an inevitable repeat would occur.
More recently two schools in Maidstone and Highgate suffered similar data breaches with the latter being forced to remain closed for an extra week when classes resumed in September. The principal of St Augustine Academy in Maidstone alerted parents and carers of the “serious IT breach” via Facebook and indicated that school systems and data had been encrypted by a criminal organisation. He went on to warn all staff and parents to be “extra vigilant if they were to receive unusual emails or phone calls” suggesting it was confidential contact information that was stolen. Clearly the hallmarks of a sophisticated ransomware attack and with Maidstone specifically, the threat of follow-on attacks against parents was a very credible threat.
Taking Security Seriously: The Value of a Trusted Partner
As we move into a future filled with AI, and ever-evolving technologies, the frequency and methods of attacks will likely evolve with it. Even if an organisation has the technical knowledge and expertise, working with a partner you can trust, such as Ultima, can provide guidance and further resilience to any security posture to ensure not only all avenues of attack are mitigated, but in the event of a breach the information is worthless to the attacker. Ultima work with organisations of different sizes in different sectors with different challenges, which helps us ensure we are informed as much as possible about the types of threats organisations can face.
Working with Ultima, you can expect us to work with you to ensure the deployment of a defence in depth strategy. Firstly, all boundaries of your infrastructure will be reinforced and protected to ensure the methods of entry are limited. Ultima will then help your organisation to ensure the infrastructure and more importantly the data is secured and protected internally with best-practice guidance and consultancy around encryption and general security and disaster recovery practices. Finally, Ultima will also improve and bolster the resilience of staff and users through the medium of education. Technology can provide safeguards up to a point however the staff still need to work with these systems and the information within so they must be armed with sufficient knowledge to be able to spot a threat and ensure it does not lead to compromise.
If your perimeter is secure, your data is encrypted and backed up correctly, your software and vendor operating systems are kept up to date and your staff are armed with the knowledge they need to remain vigilant, then Ultima consider your organisation the most protected it can be. Breaches may still occur but with proper robust security practices in place to protect your staff, systems and data then downtime will be kept to an absolute minimum. More specifically with data theft, the criminals will have nothing but encrypted data to which they cannot read. Suddenly the target becomes far less attractive, and the sharks will move onto easier prey.