in Security

NCSC issues alert following attacks on UK academia

Posted 23 September 2020 · Add Comment

The National Cyber Security Centre (NCSC) has issued an alert to the academic sector following a spate of online attacks against UK schools, colleges and universities.



Image courtesy NCSC


Cyber security experts have stepped up support for UK schools, colleges and universities following a spate of online attacks with the potential to de-rail their preparations for the new term, with the NCSC issuing an alert to the academic sector containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks.

The NCSC dealt with several ransomware attacks against education establishments in August, which caused varying levels of disruption, depending on the level of security establishments had in place.

Ransomware attacks typically involve the encryption of an organisation’s data by cyber criminals, who then demand money in exchange for its recovery.

With institutions either welcoming pupils and students back for a new term, or preparing to do so, the NCSC’s alert urges them to take immediate steps such as ensuring data is backed up and also stored on copies offline.

They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.

Paul Chichester, Director of Operations at the NCSC, said: “This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible.

“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.

“We are absolutely committed to ensuring UK academia is as safe as possible from cyber threats, and will not hesitate to act when that threat evolves.”

The new alert, Targeted ransomware attacks on the UK education sector by cyber criminals, supplements existing support that the NCSC, which is a part of GCHQ, provides academic institutions across the UK.

Examples of this include advice on the questions governing bodies and trustees should ask school leaders to improve a school’s understanding of cyber security risks, and the distribution of information cards which help staff understand how they can raise their school’s resilience to attack.

David Corke, Director of Education and Skills Policy at the Association of Colleges, said: “As the last six months have shown us, it has never been more important for colleges to have the right digital infrastructure in order to be able to protect their systems and keep learning happening, whatever the circumstance.

“This needs a whole college approach and for a focus wider than just systems, it needs to include supporting leaders, teachers and students to recognise threats, mitigate against them, and act decisively when something goes wrong.

“This guidance will prove incredibly useful for colleges to ensure that they can do just that.”

Steve Kennett, Executive Director of e-infrastructure at the higher education support body Jisc, said: “Jisc welcome the NCSC support in dealing with the current spate of ransomware impacting the UK Education and Research community.

“We encourage everyone to review the latest guidance from the NCSC and take the time to assess the risks to their organisation.”

Institutions that have been infected with ransomware have seen their ability to operate effectively and deliver services significantly obstructed and, depending on an organisation’s level of resilience, it can take weeks – and in some cases months - for services to return to normal.

Often the aim of cyber criminals deploying ransomware is to encrypt data that will have the most impact on an organisation’s services. This can affect access to computer networks as well as services including telephone systems and websites.

The NCSC has recently updated its ransomware and malware guidance, which is generally applicable to organisations in all industries in the UK. Additions to this include updated information on attackers’ modus operandi and advice on preparing for an incident.

 

Other Stories
Advertisement
Latest News

NanoAvionics reveals three remaining HyperActive payloads

Nanosatellite bus manufacturer and mission integrator, NanoAvionics, has revealed the remaining three payloads of its D-2/AtlaCom-1 rideshare mission hosted on board its M6P 6U nanosatellite bus, which are part of the

Nasmyth Group signs precision engineering contract with Incora

Nasmyth Group has signed a multi-million pound contract with Incora to manufacture precision engineered components for multiple platforms including new and aftermarket OE (Original Engine) Build and support to Legacy Engines.

Airfield Development Advisory Fund goes live

From today, UK airfields and associated businesses are able to apply for access to Government funded professional and business advice on a range of topics, aimed at supporting future airfield development, thanks to the new Airfield

Seraph Aviation appoints Gerry Power as Head of Commercial Origination - Aviation Services

Specialised aviation asset manager, Seraph Aviation Group, has announced the appointment of Gerry Power to the position of Head of Commercial Origination - Aviation Services.

QinetiQ advances UK to vanguard of maritime mission systems

The National Maritime Systems Centre (NMSC) based at Portsdown Technology Park (PTP), has been transferred from VolkerFitzpatrick, who managed the construction, to QinetiQ.

Spirit AeroSystems completes acquisition of Bombardier Aerostructures

Spirit AeroSystems Holdings, Inc. (Spirit AeroSystems) announced today it has completed, through its wholly-owned subsidiaries Spirit AeroSystems, Inc. (Spirit) and Spirit AeroSystems Global Holdings Limited (Spirit UK), its

Itel SK2710301120
See us at
Security & Policing 2021 BTRAF Museum BT3CDSE BT0210030221