SA schools targeted by cyber security threats

Johannesburg, 19 Oct 2021
Read time 7min 00sec
Thomas Rich, Regional Channel Manager, SYNAQ.
Thomas Rich, Regional Channel Manager, SYNAQ.

South African schools are facing a twofold risk – one from the COVID-19 virus itself, and a second from a significant increase in cyber attacks that are focused on schools because they present as targets to cyber threats during a time that cloud-based services require the right fit e-mail security and data protection strategy!

According to Thomas Rich, SYNAQ regional Channel Manager, as a SaaS e-mail provider, SYNAQ has first-hand feedback and experience regarding the increase in cyber security risks that schools face.

“Although cyber security attacks were rife in schools and universities prior to COVID, their vulnerability has increased in the past 18 months, as the pandemic has meant schools have had to adapt to more frequent e-mail use, and online teaching methods, lessons or link-based assignments have made the IT infrastructure more complex. With over 90% of all cyber attacks being initiated via e-mail, all these interaction points hold an increased level of risk if a school does not protect its staff, students and parents when they interact with e-mail communication on their e-mail platform,” Rich explains.

Recent incidents have included social engineering attacks on our local universities in Mpumalanga, and link-based ransomware attacks on schools in the Eastern Cape that resulted in at least two being locked out of their data for over a year. This is done by cyber criminals using links that show a trusted website, but their unsuspecting mail user is unaware of the malicious link and the attempt to access school or parent data that can then be encrypted and only unlocked with the attacker decryption key.

More specifically, an example of these attacks included a private KZN school, which was the subject of a mail spoofing attack in which an urgent COVID-19 fundraising e-mailer was sent by what looked like the school’s principal and sent out to all parents and members of the Old Boy’s Association. However, the principal knew nothing about the e-mail being sent and was a victim of social engineering or spoofing: the school’s e-mail platform had been hacked and the principal’s e-mail address used to deliver the fake request to raise funds for a seemingly worthy cause.

Rich says it’s not unusual for hackers to use the e-mail addresses of trusted or high-level employees to send spoof attacks as these e-mail senders have a good reputation and are trusted, offering cyber criminals tremendous leverage to commit cyber fraud.

It’s not only South African schools that are vulnerable; nor are attacks on schools and other educational institutions new. Research conducted in 2010 found that online learning systems already attracted the attention of cyber criminals who thrived on their ability to hack into such systems. Since then, our dependence on e-mail and online platforms has become more complex and security requirements need to be adopted as a priority.

However, the COVID-19 pandemic has proved a boon for cyber criminals. Since the start of the pandemic, the FBI’s Internet Crime Complaint Center reported a major increase in cyber security incidents. In addition, Google has reported a significant rise in COVID-19 related phishing attacks, which are compounding the challenge the company faces in dealing with over 240 million daily spam messages.

The recently published 2021 State of the Phish Report highlighted the dire consequences of successful phishing attacks: 60% of affected organisations lost data; 52% had credentials or accounts compromised; 47% were infected with ransomware; 29% were infected with malware; and 18% experienced financial losses.

According to the FBI, phishing was the most common type of cyber crime in 2020, affecting 75% of organisations around the world, with 96% of phishing attacks arriving by e-mail.

South Africa has not been spared. Rich says over the last 12 months – of the 2.65 billion e-mails that SYNAQ has processed, a staggering 1.18 billion represented a threat to our clients. This means that almost half of all mail processed had a level of risk to the recipient and required a comprehensive e-mail security service to effectively protect from the growing threat of viruses, malicious links, data leaks and phishing e-mails.

“Spam mail has always been the method of choice for virus delivery. Schools, which largely make use of free e-mail services such as Google and Outlook, have always had high levels of spam mail. However, the increase in phishing, ransomware and compromised accounts in schools over the past 18 months has been significant as cyber-criminals also exploit the pupils who are often unaware of the dangers of clicking on links and attachments without adequate scanning to confirm the links are genuine and secure,” Rich says.

Meanwhile, the advent of the Covid-19 pandemic has thrown schools into what has been, for most, an unfamiliar environment. As they scrambled to take their entire community – students, staff and parents – online, few have ensured they have the necessary security measures in place to protect their community, school domain/s and while ensuring all computers on site are virus free.

Rich points out that the communication tools used by many schools – Zoom or Teams, for example – are susceptible to intervention as they are initiated by a link within an e-mail. Spoof e-mails with fake online lesson links, for example, could precipitate a ransomware attack. Giving cyber criminals access to private information held in the school's database, including banking details, home addresses, identity numbers, cellphone numbers and so on of parents, committee members, donors, past pupils, teachers and other staff member comes with massive risk that needs to be resolved.

Rich maintains the most important step a school can take to protect itself from cyber attack with a cloud-based IT mindset is to employ the services of an e-mail security provider that offers a full complement of cloud-based e-mail security tools. This should include advanced link protection tools that scan for fake or unsecure links and validate links in e-mails as authentic or a threat.

He acknowledges that some schools might be reluctant to devote some of their tight budgets to this, but maintains the cost to protect its e-mail platform should be regarded in much the same light as the cost of insuring the school’s physical assets such as buildings, motor vehicles and teaching equipment and onsite hardware.

“This is particularly important when one considers that the cost of a successful cyber attack could be considerable. In addition, in terms of POPIA (Protection of Personal Information Act), schools have the same risks and obligations as corporates as well as a responsibility to ensure that staff admin, parent and scholar data is all secure and free of risk with mail protection. If our schools adopt e-mail security strategies that align with their budget requirements, the school will be free of cyber threats via e-mail. It will also ensure an environment in which all e-mail users are protected and transact using clean mail.

Fortunately, there are cost-effective local solutions available to protect e-mail users from in and outbound mailflow risks. It's up to our education providers and local IT service providers to ensure protection is provided by adopting a cloud-based e-mail security provider. An e-mail security provider can then monitor, block, notify and manage mail incidents based on their threat type while maintaining the integrity of the e-mail domain used by the school. After all, e-mail is the primary form of communication for our education providers and needs to be protected.

"Local schools and IT providers need to collaborate to ensure the best cyber security strategy is adopted, one that mitigates all cyber security threats while meeting the cost of service and high calibre of protection that schools require,” Rich concludes. 

See also