Posts

Cyber Security Schools Audit reveals urgent issues facing schools nationwide

 

  • 78% of schools fell victim to at least one type of cyber incident in 2022 – with 7% experiencing significant disruption as a result
  • 21% suffered a malware and/or ransomware attack and 18% faced periods with no access to important information
  • 26% had not implemented multifactor authentication to safeguard important accounts
  • 25% continued to allow limited staff access to USBs that can compromise systems through infections from computer viruses, malware and spyware
  • 4% had no back up facilities
  • 6 schools reported a parent losing money due to a cyber incident.

Top three attack vectors used by criminals:

  1. Phishing – fraudulent emails from attackers used to deceive staff into revealing sensitive information
  2. Spoofing – where attackers impersonate someone else to gain a victim’s confidence, access to a system, steal data, or spread malware
  3. Malicious software including:
  • Malware – used to disrupt or gain access to systems
  • Viruses – programs that when executed replicate themselves by modifying other computer programs and inserting their own code
  • Ransomware – designed to block access to a computer system until a sum of money is paid.

Schools continue to remain at particular risk from cyber criminals and must demonstrate vigilance, says the National Cyber Security Centre (NCSC, part of GCHQ) and edtech charity LGfL-The National Grid for Learning (LGfL), which today published their Cyber Security Schools Audit 2022 of UK schools nationwide.  The report can be downloaded here securityaudit.lgfl.net

Given the global shortage of skilled, experienced cybersecurity professionals, even large corporations struggle to recruit qualified staff. According to Mark Bentley, Cybersecurity Lead at LGfL, “For cash-strapped schools – rightly focussed on teaching and learning and keeping children safe – recruiting qualified staff is both a significant challenge and an additional expense – this is why LGfL and partners, which include some of the world’s largest security providers, have published an additional report that includes further analysis and important next steps for schools, also available at securityaudit.lgfl.net.”

 

However, the audit did reveal that schools are wising up to the cyber threats they face:

 

  • 53% of the schools reported they felt prepared for a cyber-attack (compared to 49% in 2019)
  • Awareness of phishing in schools has increased from 69% in 2019 to 73% in 2022
  • 55% (compared to 35% in 2019) implemented staff training for non-IT staff
  • 49% (compared to 41% in 2019) have included their core IT services in a risk register or business continuity plan
  • 90% (compared to 33% in 2019) have at least one of the following – a cybersecurity register, risk register, or business continuity plan.

 

Sarah Lyons, NCSC Deputy Director for Economy and Society said, “Our schools rely so much on the myriad of data required to run efficiently – including sensitive data on students, parents, governors and staff – therefore more work must be done to support the cyber security around these essential services. That’s why the National Cyber Security Centre has been working with schools and the education sector to provide free tools and guidance to help schools manage their cyber risks effectively and supporting them to keep this valuable information safe.”

 

Concluding, Mark Bentley, said, “Cybersecurity can sometimes feel like a Rubik’s cube that changes its colours just as you are on the verge of solving it. Every week seems to bring new threats and make the list of ‘vital steps to stay protected’ grow even longer! But as with any complex issue, you can do a lot to manage and mitigate cybersecurity risks and this report is helping us to shape the support needed so that schools can do just that.”

 

SAFER INTERNET DAY 2023: DISCOVERY EDUCATION PROVIDES RESOURCES TO HELP CHILDREN STAY SAFE ONLINE

A male teacher sits supervising a group of children who are working on whiteboards and digital tablets. ; Shutterstock ID 298463792; Team: Marketing; Product: DoodleLearning; Project: DoodleLearning Press Release; other: Michelle Burleigh

Digital resources promote safe use of technology and help schools observe global event

 

Discovery Education — the worldwide edtech leader whose state-of-the-art digital platform supports learning wherever it takes place — is proud to support Safer Internet Day – 7th February 2023 – by providing UK primary schools with dynamic digital resources to help students stay safe online and develop digital citizenship.

 

Available via the award-winning digital learning service Discovery Education Espresso, the resources were  created by the UK Safer Internet Centre to help schools mark this year’s event and support pupils to navigate the online world safely. 

 

Helping pupils to develop digital literacy skills and understand who and what to trust online, the resources include videos, activities, assemblies, and lesson plans. Child-led films explore issues such as fake news and disinformation while fun activities promote digital citizenship and teach children to question the motives behind what they see and read on the internet.

 

Highlighting how young people can influence and support a safer internet and build positive digital citizenship skills, the resources also provide tips for safer online behaviour, particularly when gaming or interacting with friends on social media. Designed for pupils from Foundation to Year 6 and suitable for remote or in-class teaching, the comprehensive resources will inspire the safe and positive use of technology and empower children to take control of their digital lives. 

 

Howard Lewis, Discovery Education’s UK and International Managing Director said:

 

“Safer Internet Day is an ideal opportunity for schools to shine a light on the issue of internet safety and to have important conversations with their students. We’re proud to back Safer Internet Day by providing teachers with engaging resources to support students on their digital journey, helping to make the internet a safe, positive and enjoyable place for everyone.”

 

Now in its 20th year, Safer Internet Day is a nationwide celebration, organised by the UK Safer Internet Centre. In 2022, the event was celebrated in more than 180 countries and territories worldwide. With a theme of ‘Together for a Better Internet’, this year’s event will see schools and organisations unite to inspire positive changes online, raise awareness of safety issues and participate in events and activities across the UK and around the world.

 

The Safer Internet Day resources are available to Discovery Education subscriber schools via Discovery Education Espresso, the curriculum-centred daily learning platform for primary schools.

 

Explore Discovery Education’s award-winning digital learning services at www.discoveryeducation.co.uk.

 

Find out more about Safer Internet Day at www.saferinternetday.org.uk.  

 

KnowBe4 Launches New Mobile Learner App for Anytime, Anywhere Cybersecurity Learning

 

KnowBe4 empowers end users by introducing security awareness and compliance training on the go at no additional cost 

London, UK (November 28, 2022) – KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it is launching the new KnowBe4 Mobile Learner App to empower end users by introducing security awareness and compliance training on the go at no additional cost to customers, improving user engagement and strengthening security culture. 

With a large majority of the world’s population using smartphones today, mobile training revolutionises the way people learn. This new app will enable end users to complete their security awareness and compliance training conveniently from their tablets or smartphones, giving them 24/7/365 access. 

“The KnowBe4 Mobile Learner App is the first of its kind to launch in the security awareness and compliance training space, making it easier than ever to train users while subsequently strengthening an organisation’s security culture,” said Stu Sjouwerman, CEO, KnowBe4. “This new app will enable IT and security teams to improve engagement and completion rates for required training thanks to a seamless user experience. This will also help users to associate security with their personal devices, keeping it top of mind all the time rather than only when they are at work on their computers. We are making this substantial new capability available at no additional cost to all subscription levels as a show of our commitment to supporting our customers’ security and human risk management objectives.” 

Based on subscription levels, KnowBe4 offers 100+ Mobile-First training modules that were designed specifically for mobile. The KnowBe4 Learner App supports push notifications for custom announcements, updates on assigned training as well as KnowBe4 newsletters. 

The app is available for iOS and Android, and free to all KnowBe4 customers with a KnowBe4 training platform subscription. For more information, visit https://www.knowbe4.com/mobile-learner-app.  

About KnowBe4 

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 54,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence. 

Softcat reveals cyber security is top IT priority for education sector in 2023

 

60% of education sector prioritising Cyber Security over the next year –

25% say sustainability is an important factor in their IT investments –

A new report by leading providers of IT infrastructure, Softcat, offers an exclusive look at the tech investments the education sector is prioritising in the year ahead. 

 

The findings form part of a report based on the views of more than 1,800 customers in the UK and Ireland – across 27 corporate and public sectors. 

 

The annual report reveals the education sector is prioritising Cyber Security above all other technology areas, with 60% of respondents saying it is their top focus over the next 12 months. 

 

Maintaining robust cyber security is a major challenge for the education sector, as demonstrated by the Cyber Security Breaches Survey 2022. According to the data, 92% of higher education colleges identified at least one breach or attack in the past 12 months – much higher than the average for UK businesses (39%).  

 

Universities have become lucrative targets for cybercriminals in recent years, mainly due to the huge amounts of non-public research information they hold. A report published by the National Cyber Security Centre shows that the university sector was the third most vulnerable to cyberattacks.  

 

Breaches or attacks identified within primary schools stayed at similar levels to 2021 (41% vs 36%), but within secondary schools, there was a significant increase in breaches and attacks (70% up from 58% in 2021). 

 

As the education sector becomes more digitalised and reliant on technology, cyber resilience has become a top priority. This involves taking a proactive approach to securing networks, devices and data, rather than responding ad-hoc to incidents. 

 

After Cyber Security, Devices is the second most cited technology investment area for the next year as organisations continue to invest in the digital workspace (58% of respondents). 

 

Covid-19 and its associated disruption has emphasised the need for educational institutions to have an agile method to onboard, secure, manage and monitor the devices used. This is particularly true for increasingly popular hybrid working and bring-your-own-device models. 

 

This is also reflected in the third top priority for education organisations – End Point Management (41%). 

 

Effective end-point management can support organisations from a security standpoint, allowing administrators to geofence features, track devices and assign policies and restrictions based on location. It can also help organisations limit accessibility on devices on-premises and at home, as well as speed up configuration, assignment and updates on a large scale. 

 

It’s clear from the survey findings that sustainability is moving higher up the agenda in the education sector when considering technology investments, with 25% of respondents citing it as a priority this year. 

 

Richard Wyn Griffith, Chief Commercial Officer, commented on the findings:  

 

“The past year has been one of transition and adjustment for our customers after the disruption and uncertainty of recent years.   

 

“Today, organisations are focused on switching off ‘emergency’ digital transformation mode and turning on smarter digital transformation, setting a clear and concise roadmap for the deployment of new technologies.  

 

“This will help them to remain agile in the face of new headwinds, as well as taking positive action towards our shared sustainability goals.   

 

“One thing is certain; it will be the digitally mature who prosper in the future.”  

 

The full findings from the 2022 Softcat Business Tech Priorities Report, including expert analysis, can be downloaded here.  

Safeguarding: A Big Issue in Education Sector

Cyber security threats are constantly evolving, and security defences face an ongoing struggle to keep up. Cyber attacks against schools have been growing rapidly in the last few years. Educational establishments are currently more likely to suffer a security breach than businesses (Cyber Security Breaches Survey 2021). The illustration below shows the percentage of institutions that have identified a breach or attack in the last 12 months.

Technology development brings new threats

The Department for Education, alongside the National Cyber Security Centre (NCSC), have written to schools twice in 2021. Both alerts highlighted the increased attack levels and the urgency of securing systems.

It’s long been essential for schools to prioritise safeguarding and to seek to protect sensitive student data. The attacks can come in many forms, from typical phishing emails to malware via downloads, ransomware, and denial of service attacks.

 

Cyber security as a whole strategy is only really coming to attention now. Creating a culture of security is a known goal in the business world, yet it should also be the same in an education setting.

Even if a school suffers no financial or data losses, losses from an attempted breach are noticeable elsewhere:

  • schools may need to invest in new security measures
  • staff time will be taken up with dealing with the breach (senior management, communications, and IT)
  • the wider staffing body may be unable to carry out their activities
  • students may be unable to receive their full, rich curriculum program.

What steps you can take to successfully protect your school sites?

IT isn’t exempt from human error. It’s worth having a quick check to see that you’re doing all you can to keep your defences up to date.

  • Use a firewall to protect all devices within your IT network from external networks, particularly those that connect to the internet publicly or over untrusted Wi-Fi Networks.
  • Check the settings on all software and devices to ensure security is at its highest functional level. Disable and remove any functions or accounts you don’t need or use.
  • Don’t use the default PINs or passwords that come with new devices; convey the benefits of a strong password policy. Also, consider two-factor authentication for access to mission critical accounts.
  • Control access to your organisation’s data through user account privileges. Only give administrative or extra permissions to employees whose job function dictates a need for this.
  • Only permit access to software from official sources, this is the only way to minimise the risk of malware being installed on devices.
  • Implement anti-malware measures. There are a few options such as sandboxing, whitelisting or using free built-in OS defences such as Defender for Windows or XProtect for Mac. Whitelisting: only running administrator approved applications. Sandboxing: Running an application in an isolated environment with restricted access to the rest of the device and network.
  • Enable the ability to track and erase any lost devices.
  • Keep all devices and applications up to date to both add new features and fix any newly discovered security vulnerabilities.
  • Set ‘automatically update’ wherever this is an option to be protected as soon as an update is released.
  • Consider replacing legacy devices once the manufacturer no longer supports the specific hardware or software and doesn’t continue to release new updates.

Manage your IT stress-free.

Protect your Endpoints, Network and Cloud from Cyber Threats with M-Tech cloud-based Managed Security Suite. This cloud-based MSS logs and alerts to any breaches, unexpected changes, or attack attempts. It also identifies unwanted activity that can evade even the toughest traditional cyber defences.

Our M-Tech Managed Security Suite includes:

  • Continuous Monitoring – Always-on threat detection in real-time
  • Minimal hardware required – A small piece of unintrusive software is added to your endpoint device and/or network
  • Threat Hunting Activity – The software proactively hunts for malicious actors in your network that have evaded security defences such as firewall and anti-virus systems
  • Log Retention – Logs are stored for up to 12 months, with the ability to be retrieved as needed
  • Microsoft 365 Security – Looks at Microsoft 365 as a whole and will log and alert about anything from rule changes to attack attempts
  • Isolation and Remediation – Device isolation contains threats to protect the network with the option to remediate where possible
  • Anti-Virus and Firewall Monitoring – Logs and alerts across many different types of anti-virus or firewall solutions

Keeping up with the latest regulations, technologies and defending against threats requires a huge amount of both planning and knowledge.

We deliver round the clock monitoring through our M-Tech MSS to detect and respond to threats, keeping you always protected.

Contact M-Tech here to chat about how we can help you to protect your school.

 

Schools to benefit from bolstered cybersecurity resilience package launched in response to National Cyber Security Centre alert

LGfL-The National Grid for Learning is set to bolster online defences for schools in response to the National Cyber Security Centre’s alert to act now following Russia’s attack on the Ukraine,” says John Jackson, CEO, whose organisation has stepped up its cybersecurity resilience package to include monitoring, identification, sandboxing1 and the eradication of ever-evolving threats from phishing attempts, malware, hacks, viruses and ransomware. LGfL has provided services to the public sector over many years and is approved by the governing bodies for the Public Service Network (PSN) and Health and Social Care Network (HSCN) to provide secure access to systems across the public sector, including central government systems.

Newly appointed as the only UK Platinum Partner for Malwarebytes, LGfL is using its significant group buying power to supply schools with cybersecurity solutions at significantly discounted prices,  to help  safeguard their ever tightening budgets and their mass procured devices purchased for remote learning during lockdown.

In addition to the existing Incident Response (threat remediation), LGfL is now able to offer:

  • Endpoint Protection (threat prevention)
  • Endpoint Detection and Response (threat prevention, monitoring, sandboxing, isolation and rollback)
  • Endpoint Protection for Servers (threat prevention for servers)
  • Endpoint Detection and Response for Servers (threat prevention, monitoring, sandboxing, isolation and rollback for servers).

Using its Malwarebytes OneView console, LGfL will also be able to give third party support organisations (PSOs) greater visibility and control over what is happening across multiple sites. It will also be able to provide full information on licences issued/used through its OneView Portal and recover and redistribute any unused licences, helping schools to save money.  Existing licences will be transferred on to the console.  

Through its full CyberCloud solution, LGfL is now also able to offer 12 layers of protection to schools using its Let’s Get Digital Broadband Service, including:

  1. JANET:IP transit and DDoS (Denial of Service) protection – cyberattacks aimed at disrupting the normal traffic of a target’s servers, services, or networks by overwhelming the infrastructure, at or around the target, with a large amount of Internet traffic
  2. Core firewalls to protect the network – a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules
  3. Security Operations Centre – alerting and monitoring to protect the network
  4. Local school firewalls
  5. Sophos antivirus for workstations, servers and home use – software that detects and cleans up viruses, Trojans, worms, spyware, adware and other malicious applications
  6. Intercept X managed threat response for workstations and servers – anti-ransomware technology that detects malicious encryption processes and shuts them down before they can spread across a network. Intercept X prevents both file-based and master boot record ransomware
  7. Meraki Mobile Device Management – that allows users to manage mobile devices from the cloud in a secure environment
  8. Malwarebytes incident response and automated remediation – that detects and removes malware from computers
  9. Email protection including MailProtect filtering (Cloudmark) – a cloud-hosted, email filtering system that harnesses the combined strength of multiple market-leading technologies to offer protection against email-borne viruses, malware, fraud and phishing, as well as filtering unwanted bulk mail.  And Egress encryption which encrypts the message so that it is secure in transit and when it reaches the recipient.
  10. Web filtering – provided by Webscreen a highly flexible web filtering system designed to allow establishments and groups, such as MATs, to have access to local filtering settings and Netsweeper which enables organizations to protect internet users from harmful online content and provides web filtering, digital monitoring, and online activity reporting solutions to ensure digital safety on-premises and in remote environments
  11. End user training including Sophos Phish Threat which educates and tests end users through automated attack simulations, quality security awareness training, and actionable reporting metrics
  12. Research and awareness – National Cyber Security Centre (NCSC) Security Audit and Newsletters etc.

 

For further information on LGfL’s cybersecurity resilience packages please contact: Gareth Jelley, LGfL’s Cyber Security Centre of Excellence 0208 2555 555 (Option 3)

 

  1. Sandboxing  keeps potentially malicious programs or unsafe code isolated from the rest of the organization’s environment. This way, it can be analysed safely, without compromising the operating system or host devices. If a threat is detected, it can be removed proactively.

Bad Actors Innovate, Extort and Launch 9.7M DDoS Attacks in 2021 According to the Latest NETSCOUT Threat Intelligence Report

Ransomware Gangs, DDoS-for-Hire Services, and Server Class Botnet Armies Make Attacks Easier to Launch with Greater Sophistication

London – 22 March 2022 NETSCOUT SYSTEMS, INC., (NASDAQ: NTCT) today announced findings from its bi-annual Threat Intelligence Report. During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service (DDoS) attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million. These attacks represent a 3% decrease from the record number set during the height of the pandemic but continue at a pace that’s 14% above pre-pandemic levels.

The report details how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path (non-spoofed) attacks, creating more sophisticated operating procedures for attackers and adding new tactics, techniques, and methods to their arsenals.

“While it may be tempting to look at the decrease in overall attacks as threat actors scaling back their efforts, we saw significantly higher activity compared to pre-pandemic levels,” said Richard Hummel, threat intelligence lead, NETSCOUT. “The reality is that attackers are constantly innovating and adapting new techniques, including the use of server-class botnets, DDoS-for-Hire services, and increased used direct-path attacks that continually perpetuate the advancement of the threat landscape.”

Other key findings from the NETSCOUT 2H2021 Threat Intelligence Report include:

  • DDoS Extortion and Ransomware Operations are on the rise. Three high-profile DDoS extortion campaigns simultaneously operating is a new high. Ransomware gangs including Avaddon, REvil, BlackCat, AvosLocker, and Suncrypt were observed using DDoS to extort victims. Because of their success, ransomware groups have DDoS extortion operators masquerading as affiliates like the recent REvil DDoS Extortion campaign.
  • VOIP Services were Targets of DDoS Extortion. Worldwide DDoS extortion attack campaigns from the REvil copycat were waged against several VOIP services providers. One VOIP service provider reported $9M-$12M in revenue loss due to DDoS attacks.
  • DDoS-for-Hire services made attacks easy to launch. NETSCOUT examined 19 DDoS-for-Hire services and their capabilities that eliminate the technical requirements and cost of launching massive DDoS attacks. When combined, they offer more than 200 different attack types.
  • APAC attacks increased by 7% as other regions subsided. Amid ongoing geopolitical tensions in China, Hong Kong, and Taiwan, the Asia-Pacific region saw the most significant increase in attacks year over year compared to other regions.
  • Server-class botnet armies arrived. Cybercriminals have not only increased the number of Internet-of-Things (IoT) botnets but have also conscripted high-powered servers and high-capacity network devices, as seen with the GitMirai, Meris, and Dvinis botnets.
  • Direct-path attacks are gaining in popularity. Adversaries inundated organisations with TCP- and UDP-based floods, otherwise known as direct-path or non-spoofed attacks. Meanwhile, a decrease in some amplification attacks drove down the number of total attacks.
  • Attackers targeted select industries. Those hardest hit include software publishers (606% increase), insurance agencies and brokers (257% increase), computer manufacturers (162% increase), and colleges, universities, and professional schools (102% increase)
  • The fastest DDoS attack recorded a 107% year-over-year increase. Using DNS, DNS amplification, ICMP, TCP, ACK, TCP RST, and TCP SYN vectors, the multi-vector attack against a target in Russia recorded 453 Mpps.

NETSCOUT’s Threat Intelligence Report covers the latest trends and activities in the DDoS threat landscape. It covers data captured from NETSCOUT’s Active Level Threat Analysis System (ATLAS™) coupled with insights from NETSCOUT’s ATLAS Security Engineering & Response Team.

The visibility and insights compiled from the global DDOS attack data, which is represented in the Threat Intelligence Report and can be seen in the Omnis Threat Horizon portal, fuel the ATLAS Intelligence Feed used across NETSCOUT’s Omnis security portfolio to detect and block threat activity for enterprises and service providers worldwide.

Visit our interactive website more information on NETSCOUT’s semi-annual Threat Intelligence Report. You can also find us on Facebook, LinkedIn, and Twitter for threat updates and the latest trends and insights.

Free cyber skills training for thousands of school pupils

  • Free online cyber security learning rolled out across UK secondary schools 

 

  • Cyber Explorers will teach 11 to 14-year-olds essential digital skills to meet demand for future talent in the cyber security sector

 

  • Schools in Newport, Newry, Inverclyde, Birmingham and Bradford among first areas to benefit from extra learning events

 

Thousands of secondary school students will learn essential cyber security skills for free through a new online learning platform being rolled out in schools across the country.

 

The move is part of government plans to create a highly-skilled and more diverse pipeline of talent for the UK’s fast-growing and in-demand cyber security industry.

 

Cyber Explorers aims to introduce 30,000 11 to 14-year-olds to important security concepts such as open-source intelligence, digital forensics and social engineering. 

Along with the help of both the friendly Cyber Ranger and the knowledgeable Cyber Squad, students will explore a variety of scenarios and collect virtual badges for making smarter choices online. 

Using characters, quizzes and activities, the free website will show students how digital, computing and cyber skills can lead to a range of career paths, including social media content creation, sports technology and medical research. Brand new content and characters will launch over the coming weeks. 

 

Last week new data published by the Department for Digital, Culture, Media and Sport showed cyber security in the UK is growing from strength to strength. The sector is now worth more than £10 billion and more than 6,000 new jobs were created last year. 

 

But only a third of companies are confident they will be able to access the digital skills they need in the years to come. The lack of relevant training is a barrier, keeping young people from some of the country’s most innovative and exciting careers. 

 

Cyber Minister Julia Lopez said:

 

“For years the UK has led the world in cyber security but we’re now looking ahead to the future. This sector is home to some of our most exciting, innovative jobs and they must be open to everyone. 

 

“Cyber Explorers will give thousands of young people the opportunity to learn digital skills they need for the modern workplace and get the best possible start on their journey towards a career in cyber.”

Girls and students from low socioeconomic backgrounds are underrepresented in IT courses at GCSE and equivalent levels and the trend continues into today’s cyber workforce. 

Just 16 per cent of roles in the sector are filled by women and many senior roles are not fully representative of wider society. 

Designed to engage younger students before they choose subjects for their GCSEs and equivalent qualifications, Cyber Explorers aims to improve the diversity of pupils picking computer science courses at Key Stage 4.

Chancellor of the Duchy of Lancaster, Steve Barclay, said:

 

“The UK’s cyber security industry is growing from strength to strength and we must continue to unlock the opportunities it brings to our economy by investing in the right skills and training.

 

“Cyber Explorers is a fantastic opportunity to encourage a new generation to learn the essential digital skills they need for the future and get the best possible start to their careers, as well as meet demand for future talent in the sector.” 

Suitable for in-classroom teaching, after school clubs and independent learning at home, the programme has been specifically developed to help teachers and parents introduce digital skills to young people while complementing the wider school curriculum.

The new platform is being rolled out as part of the government’s National Cyber Strategy. It will complement the existing CyberFirst programme of activities led by the National Cyber Security Centre (NCSC).

A series of events will be run by local businesses and networks in Newport, Birmingham, Bradford, Newry and Inverclyde to ensure young people from ethnic minority and socially deprived backgrounds have the support and access they need to benefit from the programme. 

Chris Ensor, NCSC Deputy Director for Cyber Growth, said: 

“Cyber security is a growing industry in the UK, with a huge variety of exciting career paths on offer that help defend our digital world.

“Supporting young people to develop cyber skills is vital for addressing the sector’s skills gap and for keeping the UK the safest place to live and work online.

“Cyber Explorers will play a key role in making cyber more accessible to young people, complementing the wider CyberFirst programme and inspiring students to pursue careers in the field.” 

59% of education professionals haven’t been cybersecurity trained

A new study reveals gaps in cybersecurity in the workplace around educational institutions in the US

 

A staggering 59% of employees in the education sector haven’t had cybersecurity training arranged by their current employer, according to a new survey commissioned by NordLocker, an encrypted cloud service provider. This is alarming information as the same survey reveals 61% of education professionals handle confidential data at work.

 

“Since education is among the top five industries most hit by ransomware, the organizations that don’t train their employees how to identify the potential risks and about the right measures to avoid them are on the brink of falling victim to various cybercriminal activities,” explains Oliver Noble, a cybersecurity expert at NordLocker.

 

One in five don’t use any cybersecurity tools

 

The survey reveals that 21% of employees in the education sector don’t use any cybersecurity tools at work. Among those who do use protection on their digital devices, antivirus is the most popular software (60%) followed by a password manager (50%), a VPN (35%), and a file encryption tool (24%).

 

“With cyber racketeers going after the overwhelming amount of personal student data some education workers have access to, employers who don’t urge their employees to use the necessary cybersecurity tools, or even worse, don’t provide them, are putting their reputation at stake,” says Oliver Noble.

 

26% would blame their employer for a data breach

 

When asked who should be responsible if they accidentally caused a data breach in their workplace, the majority of education workers answered with “both the employer and the employee” (47%). However, one in four respondents (26%) would solely blame their company if they were involved in a data breach.

 

“With the human element being one of the weakest links in a company’s cybersecurity and hackers looking for vulnerabilities to exploit, it’s easy to see why many employees believe their employer should ensure appropriate means to be able to withstand threats,” Noble says.

 

Four easy-to-implement cybersecurity practices for education employees

 

  • Wi-Fi network security. To limit outside access and restrict breaches to one network at a time, establish separate networks for students, teachers, and even administration staff. All routers should be protected with robust and unique passwords.
  • Zero-trust network access. Every access request to digital resources should be granted only after a member of staff’s identity is appropriately verified.
  • File encryption. To prevent data leaks in a cyberattack, all documents with staff and students’ personally identifiable information need to be protected. User-friendly encryption services make sure important information stored on the organization’s computers is always protected from prying eyes with strong encryption.
  • Teachers and administration staff need to have cybersecurity training arranged periodically. Since cyber incidents usually start with a malicious email, awareness and education will help employees recognize phishing scams and avoid downloading malware or sharing sensitive information with impersonators.

 

Methodology: NordLocker commissioned a survey of 1,500 industry professionals in the US in October 2021.

 

ABOUT NORDLOCKER

NordLocker is the world’s first end-to-end file encryption tool with a private cloud. Created by the cybersecurity experts behind NordVPN – a world-renowned VPN service provider – NordLocker makes sure your files are protected from hacking, surveillance, and data collection. Available for both desktop and mobile, NordLocker supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. For more information: nordlocker.com.

 

INFOGRAPHIC