At the beginning of April 2024, the UK Government released the latest Breach survey results, which included an Education Sector Annex; this document provides an excellent overview of their cyber security challenges and paints a worrying picture.
Apart from schools, all sectors are more likely to be victims of a cyber attack than a standard business.
Bases: 2,00 UK Business; 185 primary schools; 171 secondary schools; 43 further education colleges; 31 higher education institutions.
Table from 2024 Breaches Survey
Looking at the data above, the threat landscape in the university and further education space is concerning. However, when you compare the data to the 2023 data, it’s evident that in the last 12 months, there has been a negative trend in the number of breaches and attacks hitting this sector.
Bases: 241 primary schools; 217 secondary schools; 44 further education colleges; 52 higher education institutions; 2,263 businesses
Table from 2023 Breaches Survey
Delving deeper into the data, we see that phishing was the most common type of breach, the same as in 2023. Phishing attacks have been an above-average prevalence of all those organisations that experienced a breach in 2024. In the last 12 months, a slight change has been found in this survey’s phishing attack breach data.
The second most prevalent breach is again the same as 2023, which is others impersonating organisations online or in emails. There has been a slight reduction in the percentage of breached organisations reporting this attack. However, as the data shows below, it’s still much higher than the UK average in all parts of the education space apart from primary schools.
What makes the UK educational space such a successful target for cyber criminals?
When thinking about why the current cyber security landscape in the UK education sector is so different to the UK average, it’s essential to remember the unique challenges that the industry faces in terms of security:
- Funding pressures – many respondents cited funding pressures as one of the root causes for the current challenges, with one respondent answering, “Yes, basically nobody’s got any money, so it’s being reactive rather than proactive.”
- Unique organisation – especially when you look at the university and further education space, these organisations are so different from a typical corporate environment. Research requirements often mean that universities must be much more open than normal environments, which makes the security principle of zero trust impossible for sub-sections of researchers as this will hinder their ability to do the research. With funding cuts, research is an increasingly important funding stream for universities and, therefore, is viewed as mission-critical. There is also a remarkably high number of personal devices with potentially no security controls being brought onto the network.
- Students’ knowledge – Students are well known to be often one step ahead of the security that the school, college, or university is trying to implement.
Advantages of Implementing Managed Threat Intelligence in UK Education
In the breach survey, it was pleasing to see that 77% of universities and 53% of further education colleges invested in threat intelligence. This represented an increase in the number of universities investing in this area but a fall in the number of further education colleges investing in this area of security.
Organisations need good threat intelligence to stay ahead of criminals and avoid unexpected attacks, helping them to move from a reactive to proactive approach.
But what if they receive threat intelligence? An organisation can often experience information overload, with that information coming from multiple sources and varying efficacy. They might lack qualified staff to turn the information they receive into actionable intelligence. These issues with the more traditional threat intelligence might explain why there has been a drop in the number of further education colleges investing in threat intelligence in the last 12 months.
The Sapphire Threat Intelligence Managed Service provides Operational, Brand, and Vulnerability intelligence to reduce a customer’s exposure to the activities of cyber criminals. Providing these three strands to our service enables us to provide actionable intelligence relevant to all parts of an organisation, including its people, systems, and business activities, to identify threat intelligence to prevent malicious activity before it occurs.
To find out more about how we can help improve your organisation’s security posture, get in contact with our team of consultants.
