Education Ransomware – What Education Should be Learning!

Blog home

Educational  institutions have increasingly been targeted by criminals during the pandemic, resulting in time-consuming and financially damaging recovery actions. In fact, Education suffers from more cyber attacks than any other sector. 

So with sustained demand for hybrid learning, compliance requirements, and modernisation of legacy IT: threats will continue to increase. However, new cloud technologies also offer robust security for the demands of modern education.

Recently, CirrusHQ hosted an expert panel webinar “Why Education must take IT Security More Seriously” which looked at key issues related to cyber-attacks education institutes are experiencing and need to address. The panel also discussed  the technical solutions to these challenges and provided a first-hand account from an institution that seized opportunity after experiencing disruption, and how they revolutionised their infrastructure by shifting from on premise to the Cloud.

The panel included:

The panel were told that over 30,000 websites are hacked every day,with 40% of companies already having been hacked globally. These seem to be scary statistics, and because of the scale of that data, many organisations simply bury their heads in the sand as it appears to be too big a problem to tackle.


The majority of cloud security failures are caused by end users

Since the start of the COVID-19 pandemic, education has been increasingly targeted by cyber criminals, perhaps because the sector is seen as an easy target because historically as a sector it has underspent on IT and security. Left with such technical debt, this has led to complexity – the enemy of security. 

This means employees may spend a lot of time managing that debt to “keep their heads above water” instead of investing time in proactive technical and security optimisation. What is also unique is the challenge of having a fluid user base which can change frequently, providing only a short window of time to educate on safe practices. Students, until entering higher education, have mainly been responsible for their own personal IT and device usage, and are therefore vulnerable to phishing activities which are responsible for over 70% of attacks.


But it is not all bad news as attacks tend not to gain access to the Cloud, which is why many institutions are moving to platforms such as AWS 

With the biggest threat being ransomware, another reason why Education is a target is its scale as an industry. Cyber-crime has now overtaken drug crime as the leading criminal activity. It’s very commercial and has a vibrant market where sharing and selling of software on the dark web is big business, and once data is stolen, it is sold to others to maximise revenue opportunities. Also, the software used to force access to systems was once only available to governments but is now easily acquired and at little cost. This means anyone with minimal IT knowledge can now set up themselves as hackers. Payback is high, and chances of being caught are very low. The primary defence against these actors is lowering their success rates. Take basic steps on safety as it’s a volume game, so be less vulnerable than others to attack, but be mindful you cannot defend against all attacks.


To give us a sense of what was being discussed, it was described first-hand, the experience of a cyber attack, including the response, and what happened next from a College’s perspective

Fortunately, while the college IT team were viewing their system infrastructure, unusual activity was noticed which prompted an immediate assessment. Recognising an attack was underway, containment was instigated and following a swift evaluation it was highlighted that data backups were of the utmost importance. 

The college was already in the process of reviewing cloud solutions with a number of suppliers, and reached out to Amazon Web Services (AWS) and CirrusHQ, an AWS Advanced Consulting Partner with Education sector competency. Within 24 hours the college was operating in AWS having created an immutable data storage in the cloud. This achievement was delivered by AWS and CirrusHQ providing external expertise to plug the college’s skills gap to reverse all the damage from the cyber attack and to re-initiate services, and also tested by the JISC cyber security team. Dormant code placed by the hackers later caused further disruption but due to a stronger security posture and recovery plan it was more readily addressed. Double extortion is common practice in more than 50% of cases and is likened to a virus. 


The panellists were asked, “Why migrate to the Cloud now?” and  “Is now the time for Educational Institutions to pause and take stock of where they are?”

It was stressed that the ease with which an attack can be orchestrated has become immensely disruptive. The threat is very real and is happening all the time. Making an immutable backup is key as it provides confidence especially as criminals are also targeting data backups to prevent restoration and frustrate  an organisation’s ability to recover. An on-premises campus can easily and quickly create a cloud storage as another layer of security. It’s not just server backup, but complete environment restoration which the Cloud can provide, saving potentially months of cleaning after an attack.

As the nature of attacks are always evolving, it was stated that the best approach to provide confidence in dealing with the yet unknown, is employing a mindset that an attack will happen at any time.Security should always be a topic to be included in all plans and activities for all stakeholders across an organisation and to not rely mainly on the IT department. Education has a transient population – so to educate on ‘cyber hygiene’ is challenging and the key is not about chasing bad behaviour but ensuring good practice.


Migration to Cloud platforms such as AWS is a powerful IT solution, but a shift in organisational culture is needed to achieve maximum resilience

Culture is the most important factor for an organisation’s protection over time, and with a poor security culture, organisations can find it difficult to migrate, especially when managing new tools and devolving control to more employees. An organisation must realise it is everyone’s job to uphold good practice, whilst the IT department is there to provide expert help and deliver modern tools and methods such as landing zones and continuous compliance monitoring.

Asked to summarise, the panellists agreed that having first-hand experience of an attack has highlighted that maintaining business continuity requires a cloud first strategy. Legacy services and infrastructure will not be replaced overnight, but organisations need to make a planned approach and take advantage of “low hanging fruit” opportunities along the way. These short term activities should then form part of a strategic plan to address  the remaining IT estate.


Security, resilience, performance, and cost savings are key focuses in migration to the Cloud and a shift in system support from looking after hardware, to supporting the Cloud

What lessons did the panel think needed to be learned? 

  • Accept that an attack is going to happen – it may already have.
  • As a minimum, have your data in an immutable safe place as part of your recovery plan. 
  • Following an attack, nothing compares to the raw fear that seeing everything has stopped working  can be paralysing. The state of disruption is massive, and especially for dispersed organisations whose communications have also been brought down. 
  • Create a cyber-attack rehearsal: think of it as a fire drill –  as it’s not a plan until it’s rehearsed. 
  • Test your back-up recovery, as well as your plans to contain and recover. 
  • Finally, look at your culture and make sure it’s not ‘who to blame’ but ‘who will respond to the incident at all levels’ – as it is not just the IT department’s responsibility to ensure business continuity.

To watch the webinar click here.


SafeGuard your data – Education and Research Organisations

Protect your organisation from attacks and maintain business continuity with a tailored end-to-end data backup and restoration solution from CirrusHQ – read more.