According to the BBC, LEG said the attack, which happened on 11 August, meant that students were unable to receive their A-level and GCSE results.
The education group has not revealed the nature of the cyberattack, but set up a temporary secure system to allow the distributions of student’s exam results, while engaging with external cybersecurity experts to investigate the incident.
“Since we became aware of the incident we have been working closely with the Education & Skills Funding Agency (ESFA), the National Cyber Security Centre (NCSC) and the Cyber Crime Unit from the National Crime Agency (NCA).
“The Information Commissioner’s Office has been notified. We’d like to reassure everyone that our student learning system has not been impacted by the cyberattack,” The group said, also confirming the reopening of the colleges in September. The group has not commented on if there attack resulted in the loss of data.
Matt Aldridge, the Principal Solutions Architect at Webroot, said that educational institutions should see the attack on LEG as a stark reminder to address cybersecurity and privacy compliance immediately as cybercriminals are targeting providers due to perceived weakness, as well as highly-sought-after data.
He reminded institutions that the education sector holds a massive pool of sensitive data, and needs to firm up cybersecurity strategies to ensure their IT infrastructure and data is protected, regardless of the crisis.
“Staff training is essential for defending against phishing attacks and business email compromise. The training materials used also need to be updated continuously to reflect the latest threat trends, and regular simulations should be run to ensure that the training has the desired effect,” he added.
A recent study by cybersecurity company Redscan has revealed that the cybersecurity strategies of UK universities are dangerously lacking. It highlighted that even while universities find themselves on the receiving end of millions of phishing emails every year, the average university is only spending £7,529 per year on cybersecurity training for faculty staff and securing IT networks, and only hiring three qualified cybersecurity professionals.
Redscan discovered that only 66 out of 134 UK universities have Cyber Essentials or Cyber Essential Plus certification, 49 per cent fail in providing proactive security training and information to students, 12 per cent of universities do not offer any kind of security guidance, support or training at all to students, and 46 per cent of all university staff in the UK received no security training in the last year.
The figures reveal the poor state of cybersecurity in UK universities and indicate that there is a serious lack in protecting intellectual property, precious research work, or the personal data of staff and students from cybercriminals who employ a range of phishing tactics to lure universities into sending over money or data or carry out DDoS attacks to shut down IT networks.
If your institution requires an improved IT strategy in London, contact our cybersecurity professionals today.
