Data Breach Targets UK Nurseries: Education Sector Under Cyber Threat
Last month, a significant cyber incident targeted UK nurseries, culminating in the exposure of children’s data online by a hacking group known as Radiant. This breach has sparked widespread condemnation, with critics labeling it as a new low in cybersecurity violations. The incident sheds light on a troubling trend: the education sector, including nurseries, schools, and higher education institutions, is increasingly becoming a prime target for cybercriminals.
Recent data from a UK government survey indicates that educational establishments face a higher likelihood of experiencing a cyber-attack compared to their private sector counterparts. Specifically, six out of ten secondary schools reported breaches or attacks within the last year, a figure that rises to eighty percent for further education colleges and a staggering ninety percent for higher education institutions. In contrast, only four out of ten private businesses report similar experiences, mirroring the vulnerability levels of primary schools.
Toby Lewis, global head of threat analysis at the cybersecurity firm Darktrace, notes that the education sector is often swept into the broader landscape of cybercrime rather than targeted as a primary focus. He cites the randomness and opportunism that characterize the tactics employed by cybercriminals. In the Kido nurseries case, initial access was reportedly supplied by an ‘initial access broker,’ an intermediary who sells footholds in compromised networks to other criminals. This is a common practice in cybercrime and highlights the layered strategies criminals employ.
The government survey, which queried nearly 300 primary and secondary schools alongside over 30 universities, defines a cyber-attack as any attempted breach of IT systems, which typically includes tactics like phishing. Phishing emails remain the most prevalent attack method among educational institutions, with attackers aiming to deceive recipients into divulging sensitive information such as passwords.
The rise of ransomware attacks has also become a prominent issue in the UK. Cybercriminals generally encrypt their victims’ files and demand a ransom in cryptocurrencies, complicating recovery efforts. Recently, West Lothian Council’s education network was compromised in such an attack, affecting data from multiple schools, while notable universities like Newcastle University and the University of Manchester have similarly fallen victim in past years.
Lewis emphasizes that state schools may be particularly susceptible to these attacks due to funding constraints and a lack of specialized cybersecurity expertise. In contrast, universities, populated with less security-conscious young adults and equipped with networks designed for academic collaboration, present an alluring target for attackers. Alarmingly, three out of ten further and higher education institutions report breaches or attacks on a weekly basis.
Despite the frequency of cyber incidents, the education sector exhibits a higher awareness of government cybersecurity initiatives compared to private businesses. Pepe Di’Iasio from the UK Association of School and College Leaders describes ransomware as a significant threat, underscoring the substantial efforts being made to bolster system defenses.
James Bowen from the National Association of Head Teachers advocates for increased government funding aimed at assisting school leaders in identifying and managing cyber threats more effectively. The UK Department for Education claims substantial resources are allocated to support schools in cybersecurity, including collaboration with the National Cyber Security Centre and free training for staff members.
Following public outcry over the Kido incident, the hackers erased the stolen data, which included sensitive details about children. However, the broader education sector remains under imminent threat, prompting ministers to propose a ban on ransomware payments by schools and public institutions, a move that could deter future attacks. Until such measures are enacted, the risk to this critical sector persists.
For business owners, this incident emphasizes the necessity for robust cybersecurity strategies. As attacks become more sophisticated and frequent, understanding and mitigating the risks associated with initial access, privilege escalation, and other tactics cataloged in the MITRE ATT&CK framework is crucial. Awareness and adaptation are key in the ongoing battle against cyber threats.