Global average weekly attacks on the education sector was at 2,281 in the first half of 2023, down 1% compared to the same period in 2022 according to this report. This places education firmly at the top of the list, followed closely by Government and healthcare. These sectors are most at risk due to their valuable data combined with, in many cases, grossly outdated systems.
Of course, budget cuts for state schools play a significant role too and should not be understated. With limited funding, education institutions will often prioritise learning resources and staff salaries over things like IT systems, training and cybersecurity.
Between 2010/11 and 2022/23, there has been a 4% drop in school spending per pupil, meaning that resources in education are stretched even further. A 2022 report found that 62% of schools had not received any cyber security training and 31% of respondents did not have an IT security policy. A lack of training and awareness about cyber threats only puts schools at more risk from cyber attacks.
Funding challenges combined with old, insecure IT systems, leaves a gaping hole for cyber criminals to exploit.
Don’t leave it too late
Many schools may believe that they will fly under the radar of cyber criminals, or perhaps with their already huge workloads and long working hours, school staff won’t even consider a cyber attack as a possible threat. However, a North West-based primary school was subject to a phishing attack in 2023 which led to hundreds of work hours being lost as a result.
After dealing with the North West Regional Organised Crime Unit (NWROCU), the school was referred to the North West Cyber Resilience Centre and we conducted a simulated phishing exercise and then prepared a follow-up report, which allowed the headteacher to assess how staff reacted, and then improve training.
Proactive training
Conversely, a local Academy school was referred to the North West Cyber Resilience Centre as a proactive measure to ensure their training was up to date and to help protect the school and the staff from a cyber attack. We delivered a Cyber Risk Assessment; Training and Policy Review, bringing the staff up to speed and enabling the school’s senior management to build more robust and effective policies and processes.
Get better protected
It’s important to consider cyber security a key priority for your school. The issue of lack of budget and resources will only become exacerbated if you fall victim to an attack so plan ahead and make sure that you’re protected. The North West Cyber Resilience Centre is a trusted, police-backed, non-profit organisation that offers accessible training and a whole host of guidance that can start you on your journey. To find out more, talk to one of the team.
Comments