The UK’s National Cyber Security Centre (NCSC) is expanding a free cyber defence service to all schools across the country, helping the heavily at-risk education sector enhance its resilience at no cost.
The expansion follows a successful roll-out of the NCSC’s Protective Domain Name Service (PDNS) for schools in 2023, and the enhanced service will now be available to multi-academy trusts, academies, independent schools and school internet service providers (ISPs). The NCSC said it wanted all schools, regardless of resource or status, to benefit.
Delivered in partnership with Accenture and Cloudflare, PDNS is designed to block access to a constantly evolving list of websites that are known to be malicious, preventing users from accessing domains that might be being used to host nasties such as malware, ransomware or spyware.
“With a growing range of cyber threats, it has never been more important to protect our educational environments from online threats,” said Sarah Lyons, NCSC deputy director for economy and society.
“The PDNS for Schools service offers a crucial layer of protection, helping schools defend against common online threats, at no cost. I encourage all schools to take advantage of this opportunity to strengthen their cyber resilience and ensure a safer digital future for students and staff alike.”
Stephen Morgan, Department for Education
Stephen Morgan, minister for early education at the Department for Education, added: “I know how important it is that our schools, colleges and nurseries are protected from online threats, and our work to help these settings improve their cyber security never stops.
“We have worked closely with the National Cyber Security Centre on this service to ensure all schools can now benefit from enhanced cyber resilience at no cost to them and I encourage settings to take advantage of this enhanced protection.”
Uniquely vulnerable
Schools, and universities as well, are emerging as uniquely vulnerable to the machinations of cyber criminals and threat actors, as a recent Microsoft Cyber Signals report demonstrated.
Not only do schools hold a wealth of data on the children in their care, but they are also an “industry of industries” with a huge attack surface comprising not merely teachers, but administration, food service, janitorial and more.
A great variety of curricular and extra-curricular activities, disparate IT systems and resources, remote learning provisions, and users as young as four or five, create a “highly fluid” environment for attackers. Indeed, Microsoft found that many attackers are actively using schools and universities to test drive new toys.
In the UK specifically, a recent study by sector regulator Ofqual found 34% of schools and colleges in England had experienced a cyber attack or incident in the past 12 months, with phishing against staff or students the most common entry point for threat actors.
Of those, a fifth were unable to recover immediately and 4% took more than half a term to get back on their feet. Some 9% of the headteachers surveyed by Ofqual said they had been “critically” damaged by it.
Ofqual also reported that a third of teachers had had no cyber security training in the past 12 months, and of those that had, only two-thirds thought it was useful.
“Losing coursework that is the result of many hours of hard work is every student’s nightmare. Even more distressing is losing a whole class or year group’s coursework because of weak cyber security on a school or college IT system,” said Ofqual executive director of general qualifications Amanda Swann.
“Many schools and colleges take cyber security seriously, but this poll highlights that there is more to be done. I would encourage schools and colleges to visit the National Cyber Security Centre’s school resource guide to learn how to defend against cyber attacks,” she said.
Wider offer
The NCSC’s enhanced PDNS for Schools service sits alongside a wider cyber security offer of advice, guidance and tools that is already available.
Schools eager to sign up for PDNS should ask their DNS provider to register via MyNCSC.