close
close

Classes have been canceled as “malicious” cyber attacks on schools become more common

image description, Brockington College students Archie (left) and Isaac (right) experienced weeks of disruption due to the cyberattack

  • Author, Nathan Standley
  • Role, BBC News

Class cancellations and long queues during lunch breaks are among the reasons why students are increasingly affected by cyber attacks on schools.

New figures from the Information Commissioner’s Office (ICO) show that 347 cyber incidents were reported in the education and childcare sector in 2023 – a 55% increase on 2022.

Government data suggests most schools and colleges experienced a cybersecurity breach last year.

Some tell BBC News this has led to temporary closures and weeks of disruption.

The Department for Education (DfE) says it has a dedicated response team to advise schools on such cases.

Two school trusts in the East Midlands were attacked separately within days of each other earlier this year.

Sharon Mullins, CEO of Embrace Multi-Academy Trust, says her schools are still feeling the impact of the attack, which took place just before Easter.

Staff at Brockington College in Leicester were first alerted to the breach when they saw their mouse cursors moving across their screens and files already open on computers when they first logged in at the start of the school day.

“The whole thing feels very scary,” Ms. Mullins said.

image description, Sharon Mullins, CEO of Embrace Trust, says the whole affair has been “enormously challenging”.

Within 30 minutes she had ordered all nine schools in the trust to take all their systems offline.

“They are basically telling all teachers across the trust that from now on they will no longer be able to teach whatever they had planned for that day,” she said.

Suddenly, everything from student books to fire safety had to be done on paper as staff worked day and night over the holidays to bring systems back online safely.

Brockington school librarian Elizabeth Elliott says she is now searching for more than 100 overdue books after losing access to her online records.

Even the school’s catering facilities were affected, and the computer systems responsible for accepting payments for school meals were also taken offline.

Tenth grader Archie said the length of lunch lines had doubled overnight.

“The teachers had to write down everyone’s names, what they got and all the prizes,” he said.

“It took about twice as long for everyone to finish, and some people didn’t get the food they wanted because the break time just wasn’t long enough.”

image description, School librarian Elizabeth Elliott is looking for more overdue books after she lost access to her records in the cyberattack

Isaac, in Year 9, says his homework is still affected two months after the attack as the app they use is not yet fully back online.

“There was just so much we couldn’t do,” he said.

“All in all, it just made the job more difficult.”

The type of cyberattack that increased the most across industries between late 2022 and 2023, according to the ICO, was ransomware, with incidents increasing by 170%.

In a ransomware attack, hackers block access to a school’s computer records, including sensitive personal information, and demand money while threatening to publish them online.

The attacks are often carried out by organized criminal gangs based abroad.

Ms Mullins now says she wants school leaders to talk more openly about how to deal with such incidents.

“I think leaders of multi-academy trusts and school leaders don’t talk about it enough,” she said.

“Collecting student data, school data that is very personal, and then sending a ransom note is something that we certainly don’t have enough training to do at the start of your career – but it’s definitely something you need to know about.”

‘To become happy’

A few miles away, in South Derbyshire, the de Ferrers Trust was hit by a near-simultaneous but separate cyberattack, causing two of its schools to close.

They were the subject of a “brute force” attack, in which hackers repeatedly attempt to crack passwords or login credentials.

Trust CEO Kathy Hardy likened the method to “a car thief walking down the street, trying out door handles and getting lucky.”

Both Granville Academy and Pingle Academy in Swadlincote were forced to remain closed for another day after the Easter holidays while all systems came back online.

“You don’t realize how much you rely on technology when it comes to the systems it affects,” said Michelle Oliphant, head of Granville Academy.

“It makes me very angry because the education system is under a lot of pressure at the moment and this is an unnecessary hindrance that is impacting on students and that is really unfair.”

image description, Michelle Oliphant, head of Granville Academy, says schools rely heavily on technology to support student learning

Paul Alberry, CEO of Secure Schools, said the concept of managing cybersecurity risks is relatively new to most schools.

“IT teams have never had to operate and defend at this level before,” he said.

“Schools are increasingly relying on technology to process the data they need to operate – and sometimes that is just as important as keeping the doors open and keeping children safe.”

He said both school management and specialist IT staff should be involved and know what to do in the event of a cyberattack.

But tight school budgets limit how much foundations can invest in cybersecurity measures to keep hackers out, he said.

A DfE spokesman said the government was increasing funding for schools to “the highest level ever achieved in real terms per pupil to help school leaders cover their costs”.

An ICO spokesperson said their data suggests cyber threats are increasing year on year, but said they had “a wealth of free advice and resources” available to help schools keep their systems secure .