NCSC Alert: Education Targeted by Ransomware Attacks

By Mark Orchison - September 25, 2020

The National Centre for Cyber Security recently published an alert for those responsible for IT and Data Protection in education. The alert brings to light an investigation into an increase in ransomware attacks affecting the UK education sector including schools, colleges and universities.

The report provides insight into this alarming trend and also provides mitigation advice to help protect the sector from attack and urges schools to follow the NCSC’s recently updated mitigating malware and ransomware guidance.
To support these recommendations, we’ve compiled a list of free 9ine resources that you can rely on to help schools defend themselves against attack and initiate the recommended Defence-in-Depth strategy.

Resources for schools:

1. Cyber security best practice blogs:

2. Cyber security webinars:

It is also recommended by the NCSC that you run regular incident drills, where you plan and rehearse ransomware scenarios in the event that your defences are breached. The new 9ine App makes managing incidents simpler and quicker with a proven Incident Management framework and visual representation of risk, specifically designed for the education sector.

Reports of phishing emails are on the rise. Be vigilant!

Here at 9ine, our team has also observed a sharp increase in the number of schools being targeted with phishing emails. It’s important that you train staff and students about cyber security best practices including how to recognise a suspicious email and what to do and don’t do when someone is targeted. Here’s a quick reminder of what you should do now to help protect your school.

Ensure all members of the school community understand that they are at greater risk of attack given the current circumstances. Ensure a risk assessment of your IT Systems has been completed to ensure adequate security defences are in place. If you need support in completing this, 9ine have developed a Systems & Security Business Continuity framework that schools can access. We can also provide support in the instance of a potential incident.
Have in place an incident management plan specifically tailored for a potential cyber security breach. This includes steps to identify the origin of the incident (your own systems, someone else’s or open source intelligence).
Strongly consider implementing protections, such as two-factor authentication, for those individuals who have access to or process personal data that if disclosed, would have a significant impact.

For more resources and information about 9ine’s Security and Systems services and to discover how you can use 9ine’s Incident Management software to help you manage an incident from incident triage to lessons learnt talk to a 9ine expert today.

ABOUT THE AUTHOR:

Mark Orchison_Soft Square Profile picture-09

Mark Orchison is Founder and Managing Director of 9ine. He is an experienced management consultant with expertise in data protection, cyber security, technology, project and programme management in education. Mark began his career with Sun Microsystems before moving into management consultancy, where he was the technical consultancy lead for overseeing technology systems for new build schools. Since 2009, Mark has led 9ine in becoming the leading independent K-12 technology and compliance consultancy in the UK. Mark now leads a team of twenty multi-disciplinary and specialist consultants in-house, with a client base expanding across Africa, Middle-East, Russia, India, Asia and the Americas.