The Government's 2023 Cyber Security Breaches Survey showed that colleges (82%) and universities (85%) were most likely to identify breaches or attacks. However, only 41% of primary and 63% of secondary schools have identified breaches or attacks in the last 12 months.
Schools and colleges face phishing attacks, with almost 92% of colleges and universities (100%) identifying phishing attacks in the last 12 months.
The study also found that one in two (50%) universities reported experiencing breaches or attacks at least weekly. Additionally, 75% have been negatively impacted regardless of whether there was a material outcome.
Colleges and Universities are more likely to be attacked versus Primary and Secondary Schools
Colleges and Universities are more likely to have experienced a more comprehensive range of breaches and cyber attacks than the typical school or business. They often deal with phishing attacks, impersonation, viruses or other malware and denial of service attacks. For example, 86% of universities see impersonation attacks on the organisation via emails or online.
Cybersecurity is a high priority for governors and senior management
All education providers said cyber security was a high priority for their governors or senior management (97% of primary schools, 95% of secondary schools and 95% of colleges). However, the survey, released in April of 2023, found that only 17% of primary schools know the Cyber Essentials scheme (51% of secondary schools and 95% of colleges.)
Whilst 87% of universities have heard of the NCSC's 10 Steps to Cyber Security, awareness of this guidance is lower among primary schools (38%) and secondary schools (42%).
How can you improve your cyber resilience?
Unprepared staff are at a heightened risk of being caught unaware when starting a new job or dealing with the demands of a busy school week. In addition, your team must be trained in cybersecurity regularly; just 49% of primary schools said they had trained staff on cybersecurity.
Whilst resources continue to be stretched, you must not forget about Cyber Security. Whilst basic knowledge of cyber security should be expected from all your employees, it's essential to implement your cyber security training. You should increase the level of training with specific guidance for your industry. You must implement security training when onboarding new starters and follow this up throughout your employee's lifecycle.
The Cyber Resilience Centre can offer your staff security awareness training. You must implement security training to provide simple and practical knowledge when onboarding new starters. Hence, your staff understand their environment and give them the confidence to challenge themselves when something doesn't look right. Contact us today to learn more.
Remember that membership with the Cyber Resilience Centre is free. We can't guarantee protection from all types of cyberattacks. But, following our guidance (and from the NCSC) will significantly increase your security from the most common types of cybercrime.
