Note: This article is part one of two
As students and teachers are forced out of the classroom due to the COVID-19 crisis, cybercriminals are exploiting the security vulnerabilities in distance learning and virtual teaching setups to launch ransomware attacks against education institutions.
This increase is in the context of a broader rise in the number of ransomware attacks anyway. Research shows 51% of businesses were impacted by ransomware in the last year, and according to Cybersecurity Ventures, a ransomware attack will take place every 11 seconds by the end 2021. But the UK education sector is now firmly in attackers’ crosshairs.
The threat is so serious that the UK’s Department for Education and the National Cyber Security Centre (NCSC) put out an alert to school leaders last autumn and the NCSC said it has been investigating an increased number of ransomware attacks affecting UK education establishments since August 2020. Even prior to the pandemic, almost a third of UK schools admitted suffering a malware or ransomware attack in 2019.
This trend isn’t limited to the UK either. The Cybersecurity Infrastructure and Security Agency and the FBI have both warned about increased ransomware attacks targeting K-12 (primary and secondary) institutions in the US, too.
Research by Emsisoft also shows that the education sector in the US disclosed 31 ransomware incidents in the third quarter of 2020 – up from eight incidents the previous quarter (although there is a caveat here that there is a historical year-on-year trend for ransomware attacks on schools to spike after the summer ahead of the academic year starting in autumn).
How safe is your Microsoft Office 365 cloud?
The growing use of cloud environments by schools and colleges to support home learning, particularly Microsoft Office 365 – Outlook, Teams, and OneDrive and applications such as Satchel One, is just one of the ways that attackers are able to find a way in and steal data or hold an organisation to ransom.
Yet there is still an all too common misconception that because your data is in the cloud it can’t be affected by ransomware. That simply isn’t true.
For example, a child browsing the web on their school tablet or laptop at home can easily be tricked into clicking on a malicious link by accident. If that device is connected and synced to OneDrive as part of the school’s Office 365 account, a ransomware file can be automatically uploaded to OneDrive and encrypt the school’s files and data held in the Microsoft cloud.
I’ve also seen examples where SharePoint, Exchange, and other data sources have been hit. And if network drives are mapped to document libraries in Office 365 using the ‘open with Explorer’ feature, the ransomware can also scan for and infect files on connected drives.
Despite these examples, many organisations still labour under the misapprehension that they don’t need to worry because the data hosted in their Office 365 cloud is protected by Microsoft. In our own survey, nearly 40% of respondents said they believed that Microsoft provides everything they need to protect their Office 365 environment.
Yes, Microsoft does have some limited features to restore deleted files. But surely it doesn’t need to be said that recovering deleted files from the recycle bin in OneDrive isn’t a recommended backup strategy. Neither is email archiving, which doesn’t allow you to restore a complete mailbox and all of its contents to a single point in time.
It may be buried in the terms and conditions, but even Microsoft recommends that organisations use a third-party solution to backup and protect their data.
In the second blog of this series I will look at the pros and cons of the different backup and recovery options that education institutions can use for their Microsoft Office 365 environments, as well as why cloud-to-cloud backup is now emerging as the most airtight solution to backup and protect your data.
Charlie Smith is a Consultant Solutions Engineer specialising in Data Protection and Disaster Recovery, with over 22 years’ experience designing and architecting both on-premises and cloud-based solutions, he helps organisations mitigate against the risk to data loss, ransomware and malware attacks. Charlie works closely with regional sales and SE teams who utilise his knowledge and expertise to support and drive data protection projects across EMEA for Barracuda.