by Jonathan Wharton-Street
The UK’s schools, further education colleges and universities are increasingly in the crosshairs of global threat actors. Why? Because they’re viewed as easy and potentially lucrative targets: with few resources to spend on cybersecurity, but at the same time under great pressure to keep classrooms open. Combined this with large volumes of sensitive personal and financial data and you have a perfect target for a ransomware group.
In the previous two parts of this blog series, we explored the main threat vectors used by these groups, the potential impact of attacks, and recommendations from the National Cyber Security Centre (NCSC) on how to stay secure.
Now it’s time to offer our own advice for education institutions, and show you how Trend Micro products can help.
How to keep your organisation secure
A serious ransomware attack could lead to closures, major IT and clean-up costs, reputational damage and student disruption that few schools, colleges or universities can afford. Yet breaches continue to happen. The latest attack saw five schools in the north Wales island of Anglesey forced to take IT systems offline. Officials admitted that personal data may have been compromised in the cyber-raid.
Any education institution that has had to endure the fall-out of a ransomware attack will attest to the pain and complexity of trying to bring systems back online. That makes preventing an attack in the first place, or finding and stopping the attackers before they can do any damage, the best course of action.
Here are some best practices for users and administrators:
- Ensure software and operating systems are continually patched and up-to-date
- Exercise good email and web safety practices—downloading attachments, clicking URLs and executing programs only from trusted sources
- Encourage users to alert the IT security team of any suspicious emails and files
- Ensure your security products are updated regularly and perform periodic scans
- Implement application whitelisting on your endpoints to block all unknown and unwanted applications
- Regularly train users to spot the tell-tale signs of phishing and social engineering
How Trend Micro can help
Trend Micro has decades of experience protecting education sector customers from the latest cyber-threats. We understand that there’s no one-size-fits-all in this vertical: running IT for a small countryside primary school is a world away from securing a large city-centre university. That’s why we’ve developed a range of tools to block threats across multiple IT layers and improve incident detection and response.
These cover several of the threat vectors and key areas of interest highlighted by the NCSC, including:
Remote access: Trend Micro Cloud One Workload Security and Apex One have intrusion prevention-based virtual patching capabilities that organisations can use to shield vulnerable systems from known and unknown threats.
VPN vulnerabilities: Trend Micro TippingPoint Threat Protection System features a powerful set of cross-generational defensive techniques.
Phishing: Trend Micro Cloud App Security offers integrated anti-phishing protection for Microsoft 365 and Google Workspace. No need for rerouting email traffic or setting up a web proxy. Integrated XDR offers yet more threat detection power.
Lateral movement: Our TippingPoint, Deep Discovery Inspector and Vision One offerings are primed to spot malicious activity that might otherwise go undetected.
Backup: Our endpoint and server products also offer “ransomware rollback” capabilities where they will start to copy files if suspicious activity is detected.
Trend Micro Vision One sits at the centre of these efforts. It’s designed to correlate and analyse threats from across multiple layers (inc email, hybrid cloud servers, networks and cloud workloads) for rapid ransomware detection and response.