It was announced last week that the UK’s Defence Academy was hit by a cyber-attack in March last year, causing ‘significant’ damage and requiring the network to be completely rebuilt. The Defence Academy delivers world class professional defence and security education to students from the Ministry of Defence, wider government, UK industry and overseas. Based in Shrivenham in Oxfordshire, the school teaches 28,000 military personnel, diplomats and civil servants every year.
Ransomware attack increase against schools, colleges and universities
The National Cyber Security Centre (NCSC) highlighted the threat of ransomware attacks on the UK education sector as far back as September 2020 – and they issued another warning as it investigated a further increase in ransomware attacks against schools, colleges and universities in the UK.
Unusual activity and alarm bells…but who’s watching yours?
Air Marshal Edward Stringer, who left the armed forces in August, said the attack, which was discovered in March 2021, meant the Defence Academy was forced to rebuild its entire network. You don’t have to be a cyber security expert to know that sounds like an enormous and, quite frankly, daunting task for any business.
Mr Stringer said ‘unusual activity’ was first discovered by contractors working for outsourcing company Serco and ‘alarm bells’ started ringing. There were ‘external agents on our network who looked like they were there for what looked like nefarious reasons’.
Monitoring your network is always a good idea – but how many businesses really keep a watchful eye on their network? Unfortunately for many, the answer is: not until it’s too late. But you wouldn’t check your back door is locked intermittently throughout the year. The same should apply to the doors to your online environment, too.
More haste, less security.
Almost overnight, entire learning institutions and curriculums were moved online. Cloud-based software, video conferencing tools, apps and e-learning games are all invaluable to enriching the home learning experience. But as students, teachers and parents frantically set up user identities and the devices to access the breadth of cloud services needed for a school day – there is the slight possibility that they were set up in haste, without the correct security in place.
Here are our top seven things to do if you think your business is at risk of a ransomware attack:
1) We’ve said it once, we’ve said it twice…and we’ll probably never stop saying it. Multi-Factor Authentication. Go now, set it up… (it comes free with any Microsoft Azure tenant). Microsoft recommend this as the single most important deterrent against attacks. Authentication via user identities is the first line of defence.
2) Back it up, baby. Making sure your data is backed up and, crucially, that you have a recovery plan in place. Having the steps already laid out, will, in the event of an attack, make restoring your data so much easier. Test your backup recovery regularly and, most importantly, isolate your backups – they can be hit with ransomware, too.
3) Centrally managing your organisation’s devices ensures that only applications, trusted by you, can access your environment.
4) Maintaining up-to-date antivirus and software on all the devices in your organisation (yes, even Geoff in admin) increases protection against the latest threats.
5) Keep it clean, folks. Restrict users’ ability to run unapproved software and block dodgy websites. It might seem heavy handed – but your compliance manager will thank you.
6) Inspect, monitor, alert. Actively inspect content within the organisation – as in the case of The Cyber Academy, the damage could have been much worse had they not been monitoring activity.
7) Use a firewall (or our FWaaS solution) and VPN to run all your traffic through. This will ensure dangerous traffic is kept out while creating a secure network tunnel into your organisation.
Sign up for alerts so you never ever miss a new blog post.