The Educator Magazine U.K. May-August issue - Magazine - Page 24
Camellia Chan, CEO and co-founder of X-PHY
Education is one of the most targeted
industries for cybercrime globally. In fact,
organisations face a staggering average of
3,086 attacks every week – more than any
other sector. This crisis in digital safety will
only grow unless cybersecurity is prioritised.
Many schools operate on a patchwork of old
and new technology, with legacy systems
that are difficult to update and inherently
more vulnerable. These outdated
infrastructures create security gaps, which
cybercriminals actively exploit. In an age
of artificial intelligence (AI) – where
cybercriminals use the tech to enhance
their tactics – the threat looms even larger.
The consequences of a cyberattack on a
school can be drastic, impacting real lives
with disrupted learning and distress for
students, parents and staff. Earlier this year,
classes at the Netherlands’ Eindhoven
University of Technology were cancelled
after hackers were able to breach the
university’s networks.
Schools need to treat cybersecurity like it
is the most important test they’ll ever take
and embrace a holistic approach to defence
that ensures they get an A* every time.
Back to basics
The fundamentals of security start with
the understanding that cybercriminals are
always inventing new ways to attack, always
becoming more sophisticated and always
just around the corner. Failure to
recognise this means the education sector
has become a primary target. More than
a third (34%) of schools and colleges in
England have experienced a cyber incident
in the last academic year.
Several factors contribute to the rising
threat. For one, schools hold extensive
personal data, including student records,
financial details and staff information,
making them an appealing target for all
types of attacks including ransomware,
phishing scams and data breaches.
Limited IT budgets and expertise have
resulted in an unfortunate combination
of mismatched outdated digital systems
for administration, communication and
learning plus a lack of dedicated IT security
personnel.
There is also the fact that schools face the
unique challenge of BYOD risks since
Why schools
deserve better
security – and
how to get there
students and staff often use their own
laptops and phones for work (as opposed
to company-issued devices). BYOD sets up
a myriad of endpoints outside of a school’s
security hub, meaning it is impossible to
monitor all devices. Experts agree that
“bring your own device (BYOD) risk is one
thing in a corporate environment, but it's an
entirely different beast at schools”.
The AI conundrum
The rise of AI is also changing the game for
cybersecurity. On the one hand, AI lowers
the barriers of entry for cybercriminals.
It enables them to craft more convincing
phishing attacks, create deepfakes,
automate malware design and evolve their
tactics at an accelerated pace. Gartner said
in a recent study, “malicious actors are
exploiting generative AI to launch attacks
at machine speed.”
At the same time, AI will play a critical role
in protecting the education sector.
Institutions should integrate a multi-layered
cybersecurity approach that includes AI
tools to help secure the entire life cycle of
an attack – from incident detection to
response and recovery.
You can’t reach full potential with
software-only security
While the tools and tactics used by
cybercriminals advance rapidly, many
schools are stuck primarily depending on
software-based cybersecurity measures,
such as firewalls, antivirus programs and
endpoint detection systems alone.
While these tools play an essential role in
safeguarding the external network layers,
they have several limitations. Software
security solutions are inherently reactive,
only capable of detecting known threats,
leaving schools exposed to AI-driven zero
day attacks that can bypass traditional
defences. Phishing remains one of the most
effective attack methods. For example, just
this year, a phishing campaign exploiting
Microsoft’s legacy ADFS identity solution
targeted the global education sector. Even
the best software cannot prevent a staff
member or student from clicking on a
malicious link.
Additionally, software requires regular
patches and updates to remain effective.
While not an issue exclusive to schools, the
fact is organisations too often delay updates
due to resource limitations, leaving
vulnerabilities exposed. To mitigate these
risks, schools need a more durable
cybersecurity framework that goes beyond
software alone.
Achieving ’zero trust’ with AI-driven
hardware security
With AI-powered cyber threats on the rise,
software-based defenses alone are no
longer enough. Schools need to assume
that every user, device, and network
connection could be compromised.
This is the foundation of zero trust security –
a framework that ensures no one is granted
access by default. Many institutions attempt
to implement zero trust through software
but this approach is incomplete without
hardware-based security. AI-driven
hardware that is built directly into devices
adds an extra layer of protection that
operates independently if the software fails.
AI hardware solutions provide automated
threat detection, continuously monitoring
for anomalies and responding to threats in
real-time without human intervention.
At the physical layer, they also offer
protection against insider threats, making
unauthorised access far more difficult.
With this approach, educational institutions
will have round-the-clock security that
pre-empts attacks before they have a
chance to cause harm. Moving from reactive
to proactive defences will be a critical step
towards stopping cybercriminals.
A call to action
The reality is that cybercriminals will
continue to target schools as long as
vulnerabilities exist. Traditional security
measures are insufficient against
increasingly sophisticated attacks and the
education sector must evolve to meet
these challenges head-on. To build a safer
digital environment, schools must
implement a layered security strategy that
goes beyond basic cyber hygiene. Educating
staff and students about cybersecurity
practices to reduce human error and
regularly conducting system updates and
security audits is the bare minimum.
By adopting a holistic approach that
integrates both software and AI-infused
hardware, schools can achieve a genuinely
zero-trust cybersecurity posture that creates
a secure future for students, staff and the
broader education community. The time to
act is now before the next attack strikes.
