The National Cyber Security Centre (NCSC ) of the UK is expanding a free cyber defense service to all public schools, helping the highly vulnerable education sector improve its resilience at no cost.
The expansion follows a successful roll-out of the NCSC’s Protective Domain Name Service ( PDNS ) for schools in 2023, and the enhanced service will now be available to multi-academy trusts, academies, independent schools and school internet service providers ( ISPs ). The NCSC said it wanted all schools, irrespective of resource or status, to benefit.
Developed in collaboration with Accenture and Cloudflare, PDNS is designed to prevent users from accessing domains that might be used to host nasties like malware, ransomware, or spyware by blocking access to a constantly evolving list of websites that are known to be harmful.
It has never been more crucial to protect our education environments from online threats, according to Sarah Lyons, NCSC deputy director for economy and society.
” The PDNS for Schools service offers a vital layer of protection, helping schools defend against common online threats, at no cost. I urge all schools to take advantage of this chance to improve their cyber resilience and make their students ‘ and staff’s lives safer online.
Our efforts to improve the cyber security of our schools, colleges, and nurseries always stop. It is crucial that these settings be protected from online threats.Stephen Morgan, Department for Education
The Department for Education’s minister for early education, Stephen Morgan, stated,” I know how crucial it is that our schools, colleges, and nurseries are protected from online threats, and our work to improve these settings ‘ cyber security never stops.
We have collaborated tightly with the National Cyber Security Center to make sure that all schools can now receive enhanced cyber resilience for free, and I urge other settings to take advantage of it.
Truly susceptible
As a new Microsoft Cyber Signals report demonstrated, schools and universities are both becoming particularly prone to the machinations of cybercriminals and threat actors.
Not merely do schools hold a wealth of data on the children in their care, but they are also an” industry of industries” with a massive attack surface comprising not merely teachers, but administration, food service, janitorial and more.
A great variety of educational and extra-curricular activities, diverse IT systems and resources, remote learning provisions, and users as young as four or five, create a” very smooth “environment for attackers. In fact, Microsoft discovered that several hackers are using universities and schools to test drive brand-new toys.
In particular, according to a recent study by sector regulator Ofqual, 34 % of English schools and colleges had been the victim of a cyberattack or incident in the last 12 months, with phishing against staff or students the most prevalent entry point for threat actors.
A fifth of those were able to recover right away, and 4 % needed more than half a term to recover. Some 9 % of the headteachers surveyed by Ofqual claimed to have been” critically damaged” by it.
Ofqual also discovered that even two-thirds of teachers who had received virtual security training in the previous 12 months thought it was useful and that a third of teachers had had no such training.
” Losing coursework that is the result of numerous hours of hard work is every student’s nightmare. Due to poor cyber security in a school or college IT system, “astetter” said Ofqual senior director of general qualifications Amanda Swann, who also oversees the course work for a full class or year group.
This survey reveals that there is more to be done, despite the fact that “many schools and colleges take cyber security really.” She said,” I would urge schools and colleges to consult the National Cyber Security Centre’s school resource guide to learn how to prevent cyberattacks.”
Wider offer
A wider range of cyber security resources, advice, and tools are now available, and the NCSC’s improved PDNS for Schools service complements this.
Schools who want to participate in PDNS should contact their DNS service provider to request a registration via MyNCSC.
