Suffolk High School Forced Offline After Cyber-Attack
A leading English secondary school has shut down its IT systems following a cyber-attack just days before the start of the new academic year, according to reports.
The private Church of England Debenham High School in Suffolk told parents last week that the incident had forced it offline, but that there’s no evidence any personal information was compromised, according to the BBC.
“Although it is difficult to provide precise timescales for a full restoration, the support team has assured us that due to the safeguards we have in place, the restoration process should happen more quickly,” headteacher, Simon Martin, is quoted as saying.
Darren Williams, CEO and founder of Blackfog, argued that schools should focus on incident response plans and preventative tooling in order to minimize cyber-risk. Password security best practices and phishing awareness among parents and pupils could also help to reduce the cyber-attack surface, he said.
“In 2023 so far, education has been one of the most heavily targeted sectors; ruthless cyber-attackers continue to target vulnerable schools with under-invested IT infrastructure, a lack of controls and outdated cybersecurity tools,” Williams added.
“In light of the ‘back-to-school’ rush in the forthcoming weeks, both schools and parents/pupils alike have a responsibility to play to ensure cyber-attacks are kept to a minimum, and any incidents that do happen are under control.”
As if to emphasize the threats facing UK schools, new research from Proofpoint has revealed that most of the country’s top-performing academic institutions are lacking email security measures.
It found that 96% of the top 50 state secondary schools and 92% of the top 50 sixth-form colleges have not deployed the recommended level of DMARC protection (p=reject), which prevents fraudulent emails from reaching victim inboxes.
“Email authentication protocols like DMARC remain the best way to shore up email fraud defenses, eliminating domain spoofing or the risk of being impersonated,” explained Proofpoint cybersecurity strategist Matt Cooke.
“As holders of vast amounts of sensitive and critical data, we advise educational bodies across the UK to ensure that they have the strictest level of DMARC protection in place to protect those within their networks.”