In today’s digital world, the education sector is challenged with keeping up with sophisticated cyber threats, heightened security protocols and ever-evolving regulations. Cyber attacks affect organisations across all sectors and industries. However, there has been an increase in the number of attacks against the education sector across the UK, specifically academy trusts and schools.

As stated by the government’s National Cyber Security Centre (NCSC), “the Education sector needs to review their cyber security risks and improve their cyber resilience”. It’s essential that academy trusts demonstrate their collaboration with knowledgeable experts to obtain a thorough understanding of the current state of their cyber security and a prioritised plan for implementing improvements.

The Academy Trust Handbook places further emphasis on cyber security. Baroness Berridge, Under Secretary of State for the School System, has stated that:

“Many of you will be aware of the increasing number of cyber-attacks involving ransomware which are affecting the education sector and others. I know that these events can have devastating effects on organisations and individuals, and the Department continues to work with crime prevention agencies to help trusts protect themselves. The handbook highlights the National Crime Agency’s advice not to pay ransoms, and to approach us if your trust finds itself in the very difficult position of contemplating such a payment.”

Parts 6.16 and 6.17 of the Academy Trust Handbook further define these expectations:

  • Academy trusts must be aware of the risk of cybercrime, put in place proportionate controls and take appropriate action where a cybersecurity incident has occurred. Trusts must obtain permission from the Education and Skills Funding Agency (ESFA) to pay any cyber ransom demands. ESFA supports the National Crime Agency’s recommendation not to encourage, endorse, or condone the payment of ransom demands. Payment of ransoms has no guarantee of restoring access or services and is likely to result in repeat incidents.


The scale of the issue

Academy trusts and schools across the country are falling victim to cyber-attacks. These can take numerous forms, such as phishing emails and ransomware attacks. Fraudulent impersonation attacks are also becoming commonplace, with one in three schools saying they’d been hit by fraudsters impersonating staff emails, according to a 2023 survey.

Research from Microsoft suggests that education providers across the world are increasingly falling victim to cyber threats. Over 64% of all reported enterprise malware encounters across all industries involved organisations in the education sector.

  • In 2022, Dixons Academies Trust was hit by a cybersecurity attack that caused huge disruption, cutting off systems and limiting communication.
  • In September of the same year, a cyberattack hit six UK schools after the network of a multi-academy trust covering 4,500 pupils was breached.
  • The following month, another school suffered a data breach resulting in the theft of students’ personal information which was subsequently released on the dark web.
  • In April 2023, Hardenhuish School in Chippenham was hit by a ransomware attack, with hackers gaining access to IT systems and demanding a ransom in return for restored access.
  • In June 2023, Leytonstone School was forced to close after its IT systems were hacked in a ‘devastating’ cyber-attack.

It is clear from these reported incidents that cyber-attacks on academy trusts and schools are rising. These attacks are causing huge disruption to the teaching and learning system, as well as compromising sensitive data of young children stored in educational systems. There are, however, steps that can be taken to protect your academy trust from cyber threats.


Reasons behind the increase

There are those who question why there is an increase in cyber-attacks against the education sector, and there are some answers. Schools and academy trusts have traditionally taught children in the classroom within school premises. With the impact of the Covid-19 lockdowns and distance learning, the lower security protocols at home compared to schools have created a larger attack surface for malicious threat actors to take advantage of.

Weaknesses in device and system security and management make it easier for attackers to compromise accounts, spread malware and potentially gain access to sensitive information and school systems. These challenges have been widely reported. For example, the UK’s National Cyber Security Centre notified all educational organisations in 2020 and 2021 of the increasing cyber risks. In December 2020, the FBI and associated authorities published an urgent security notice communicating the risk of cyber threats to distance learning programmes. In April, John Gilbert, CIO DfE, warned:

“It is important that as heads of multi-academy trusts, you understand the nature of the threat and the potential for ransomware to cause considerable damage to your institutions in terms of lost data and access to critical services. Part of this is identifying your ‘crown jewels’ and ensuring you have an incident action plan, along with your defences. Having the ability to restore the systems and recover data from backups is vital in the event of an incident.”


Measures to take to protect your Academy Trust

Academy trust leaders need to prioritise an understanding of the cyber threats that are posed. Effective cyber security is about understanding how susceptible your Trust is to having its vulnerabilities exploited. Through identifying and managing those vulnerabilities, the Trust and its Academies will be protected as far as is reasonably possible.

Aside from phishing attacks and malware, the primary attack vector for schools currently is remote services, specifically the Remote Desktop Protocol (RDP). This is a feature that allows external access for IT staff to manage systems and services remotely. If your school or Trust central services use RDP, cybercriminals can find this by scanning the internet. Should they find it, they can easily hack into your systems. This is how many of the schools in recently published attacks were compromised.
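
A local check for the RDP exposure described above, as an added example that is not part of the original article. It reads the standard Windows Remote Desktop registry values and host firewall rules; the `NeedsReview` criterion is an assumption made for this example, not an official threshold.

```powershell
# Added example: audit Remote Desktop exposure on the local Windows host.
# Run in an elevated PowerShell session on each server or workstation you manage.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
$rdpEnabled  = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means Network Level Authentication (NLA) is required.
$nlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
# The listening port; 3389 unless it has been changed.
$port        = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Enabled inbound allow rules that cover the RDP port and accept any remote address.
$openRules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin 'TCP', 'Any') { continue }

    $coversPort = $false
    foreach ($p in @($pf.LocalPort)) {
        if ($p -eq 'Any' -or $p -eq "$port") { $coversPort = $true }
        elseif ($p -match '^(\d+)-(\d+)$' -and $port -ge [int]$Matches[1] -and $port -le [int]$Matches[2]) {
            $coversPort = $true
        }
    }
    if (-not $coversPort) { continue }

    $af = $rule | Get-NetFirewallAddressFilter
    if (@($af.RemoteAddress) -contains 'Any') { $rule.DisplayName }
}

# Summary for this host. NeedsReview is this example's own criterion (assumption):
# RDP is on and either NLA is off or a rule admits connections from any address.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    RdpEnabled        = $rdpEnabled
    NlaRequired       = $nlaRequired
    Port              = $port
    AllowRulesFromAny = @($openRules)
    NeedsReview       = $rdpEnabled -and (-not $nlaRequired -or @($openRules).Count -gt 0)
}
```

This covers the host firewall only. Whether the port is reachable from the internet also depends on the perimeter firewall and any port forwarding on the school's router, which need to be reviewed separately.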

It is critical to identify where, and how, the attackers could be breaching your systems to understand how best to protect yourself. It’s even more crucial to prevent the breach from happening in the first place, especially when most schools and trusts either don’t have a robust cybersecurity policy or aren’t sure whether what they have is fit for purpose.

The following questions must be asked:

  • Do you know what your current cyber security posture is?
  • What systems do you have, how are they linked, and how are they secured?
  • Who is responsible for the security of your systems?
  • Is multi-factor authentication being used and is it set up correctly?


Securing your trust

Any organisation that has a digital presence faces cyber security risks. It is a matter of when, not if, a cyber threat emerges, so by ensuring your networks are protected, you can keep threats at bay.

At CYFOR Secure, our range of cyber security assessment services is designed to provide guidance through cyber security best practices to ensure the integrity of your Trust. All assessment services are led by a team who have years of experience and expertise within the educational sector. We will help you identify vulnerabilities within your networks and apply appropriate remediation measures to avoid data breaches and make sure your systems are secure.


Who are CYFOR Secure?

CYFOR Secure is the dedicated cyber security division of the CYFOR Group, specialising in a breadth of proactive and reactive IT security services, with expertise in Digital Forensics and Incident Response (DFIR). We are a trusted provider to SMEs and large enterprises globally, spanning numerous sectors that include education, manufacturing, legal, engineering, healthcare, finance, and telecommunications.

It has never been more important for organisations to understand the risks posed to IT infrastructures, and in turn, data, finances, and brand reputations. Our experts ensure that the technical aspects and specific sensitivities of each cyber security engagement are fully understood, mitigating any cyber risks, and enforcing security protocols.

The knowledge and expertise offered by our consultants make us ideally suited to intelligently advise and implement the appropriate cybersecurity strategies for your organisation.


Cyber security experience within Academy Trusts

  • We have direct experience collaborating with and securing the networks of a large academy trust spanning 45 schools over 5 counties.
  • Our proprietary vulnerability scanning technology evaluated all of the Trust’s endpoints, networks and systems to identify any existing threats.
  • Our in-house IASME assessors supported the implementation of Cyber Essentials & Cyber Essentials Plus, a requirement for schools and other education providers that receive ESFA funding.

Secure your Academy Trust with a cyber security audit and manage the risk of cyber threats, prevent data loss, and mitigate reputational damage.