Education Sector Prime Target For Malware Attacks

In recent months IT Group has become aware of a number of ransomware attacks on educational institutions. When such attacks occur, valuable data becomes inaccessible to users until a ransom is paid. Unfortunately, the ransomer may not unlock the documents after the payment is made, meaning the data is potentially lost forever.

Why are Schools & Universities targeted?

Schools and Universities are a prime target for hackers because they hold a large amount of sensitive data about staff and students within their IT systems.

It is also easy to find key contact information for members of staff, as it is usually readily available within the public domain. This means hackers can conduct targeted attacks on a number of individuals within an organisation at the same time.

Schools, in particular primary schools, will store a database of images relating to pupils including class photos and photos from school trips. These databases are often subject to attacks from online predators.

With ex-police personnel within our ranks, we have first-hand experience of seeing large databases of images of children that have been purchased over the internet. The images may not be graphic in nature, but the context means these may be classified as an illegal ‘indicative’ collection of images (Level 1 of the COPINE scale). Acquiring and selling these databases can become a very lucrative exercise for hackers.

The situation is exacerbated as more organisations give in to the ransom demands placed upon them. Some establishments cannot afford ‘downtime’ and find it cheaper to pay the ransomer rather than starting with a new IT system.

Many schools and universities use outside IT providers, meaning they are one step removed from their networks and computer systems and may not be as aware of the ins and outs of security as they should be. While the more professional IT outsourcers will enhance system security and provide education to users, many smaller and less well-organised IT service providers are not properly resourced and equipped to stay ahead of hackers. This can mean that malware is less likely to be found before it is able to take hold, and that intrusion attempts are more likely to go undetected.

What preventative measures can be put in place?

We can provide ad-hoc and regular scanning of key systems and digital perimeters to give you added peace of mind that your business data is secure.

We also have a portfolio of training packages covering all aspects of cyber security, ranging from basic awareness training to more in-depth security management training. Below is a short summary of the cyber security services that we provide to a number of clients across a range of industry sectors, including the education sector.

Vulnerability Test

A vulnerability test provides an in-depth analysis and report on your IT infrastructure. We conduct a series of tests across your IT estate which will reveal where software or firmware is not fully patched, where routers and firewalls are unnecessarily open to exploit and where user accounts are dormant or over-privileged. We are able to report this so that your IT support can adopt the recommendations or we can arrange to do that for you.

Penetration Test

A penetration test, or pen test, consists of a series of actual attempts to gain unauthorised access in a similar way to those attempted by real-life hackers. IT Group can replicate a criminal attack by trying to access your network and systems, thus highlighting any vulnerabilities in your infrastructure. At the conclusion of the penetration test we will report to you on any exploits we have uncovered and set out our recommendations for improvements to the security configuration of your network, systems and equipment.


Well-protected systems can easily be defeated by tricking an uneducated user, with “human” error being responsible for the majority of data breaches. IT Group provides a range of training services covering all aspects of cyber security from basic awareness training to in-depth, on-site analysis and threat reporting, in addition to suggesting improvements, on-going plans and investment.