Cyber-attacks against schools continue to be a concern across the Eastern region.

The reasons for this are fairly simple

• Schools possess large quantities of high value and sensitive data that they may have to pay for to get back.
• Schools networks and processes offer a lot of vulnerabilities through either underinvestment or weaknesses in their underlying processes. In many cases these vulnerabilities are caused by the necessity of having so many people and devices to attach to the network

A number of education ransomware alerts have been published by the National Cyber Security Centre throughout 2020 and 2021, and more are expected over the coming year. 1000s of schools have been attacked over the past few years and many have resulted in long term problems for the organisations affected, including the staff, students and parents.

Whilst the rise in attacks was blamed partly on the pandemic and a rise in remote learning, the risk to schools will persist until they are provided with the tools to fight back. And these attacks are happening right now in our region. In the summer of 2021 a ransomware attack against schools in Kent actually caused several of them to close for several days whilst the data breach was resolved. And at the time of writing it is quickly becoming apparent that at least one school in Essex is currently experiencing an ongoing cyber-attack, and that data from its network has been published on the dark web!

So, what is a DDoS attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, website, or network by overwhelming it with a flood of Internet traffic.

DDoS attacks frequently come from multiple sources to make their identification more difficult. It can also hinder the victim organization’s attempts to stop the DDoS.

In lay terms it’s like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

DDoS normally present themselves, as you would expect, by a slowing or crashing of a network or website. For a school this could mean no student or teacher is able to access their work through the school network or it is just so slow that valuable time is wasted waiting for pages to be loaded.

Can you protect yourself from these attacks?

DDoS attacks are notoriously difficult to prevent. The attackers don’t necessarily need internal access to the network as the attack is from the outside. They are increasing in complexity and sophistication meaning that defense against these dark arts needs continual review. But the key points for protection to remember are

• Know your network's traffic. A free tool that we can recommend here is Police CyberAlarm. This monitors incoming traffic and will give you threat alerts about where attackers maybe looking to gain access.
• Create a Denial-of-Service Response Plan within your incident response plan
• Make your network resilient and practice good cyber hygiene – using CE principles
• Scale up your bandwidth. The greater the bandwidth the more effort a DDoS attacker will have to make to crash your site. Moving your operation to the cloud may help.
• Take advantage of anti-DDoS hardware and software. Speak to your Managed Service Provider (MSP) if you have one.
• Make sure all staff know the symptoms of an attack and respond quickly to it using your plan.

What next?

Here at the centre, we would advise you to do three things now

• Join our growing community by signing up to free core membership of the Eastern Cyber Resilience Centre. You will be supported through implementing the changes you need to make to protect your business and your customers.
• For small and medium sized businesses in the Eastern region we would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. Join the centre as a free member and we will take you as far as the CE accreditation process. And if you want to pay for the assessment, we can refer you one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited.
• We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf. And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing ​

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).