Securing Education Summit

Protecting pupils, payments, personal data and intellectual property

20th November, 2024 • Online

The education sector is large, complex and connected. How can security professionals deliver defence while maintaining BAU?

 

Protecting pupils, payments, and IP

In February this year, the universities of Cambridge, Manchester, and Wolverhampton were hit by cyber-attacks in what appears to be a targeted campaign by the Anonymous Sudan hacker group.

In a post on X, the University of Cambridge's Clinical School Computing Service said that 'multiple universities' were experiencing a Distributed Denial of Service (DDoS) attack and warned that internet access was intermittent.

This attack highlighted the vulnerability of organisations in the sector as well as their attractiveness as a target not simply to economically motivated hackers, but to hacktivist and nation-state actors.

And it’s not just universities. In June, Billericay School in School Road wrote to parents saying that the school had fallen victim to a “significant cyber malware attack”, which shut down their IT network. The school was totally closed to students in years seven, eight, nine and 12 except for examinations and revision classes.

And in May, Embrace Multi-Academy Trust CEO Sharon Mullins said her schools were still feeling the effects of a cyber attack, which happened just before Easter.

The government recognizes the issue and has released data quantifying it. For example:

  • Primary schools are relatively close to the typical business in terms of how many identify breaches or attacks - 52% identified a breach or attack in the past year.
  • All other types of education institutions are more likely to have identified cyber security breaches or attacks in the last 12 months than the average UK business.
  • 71% of secondary schools identified a breach or attack in the past year.
  • Further education and higher education institutions are more likely to experience breaches and attacks than schools, and to experience a wider range of attack types, such as impersonation, viruses or other malware, and unauthorised access of files or networks by outsiders.
  • 86% of further education colleges identified a breach or attack in the past year.
  • Higher education institutions are more likely to be affected by cyber-attacks - 97% identified a breach or attack in the past year. Just under six in ten of the higher education institutions identified that they had been negatively impacted by a breach.

 

So how can organisations harden security and build resilience as threats multiply?

 

The e-Crime & Cybersecurity Education Summit will look at how we all need a new kind of security for our educational establishments. Join us for real-life case studies and in-depth technical sessions from the security and privacy teams in the sector.

  • Defeating ransomware and malicious malware

    • The NCSC still assesses that ransomware remains one of the greatest cyber threats to UK CNI sectors.
    • In other words, the threat of malicious malware has still not been adequately confronted and, in the context of CNI, the losses can be catastrophic.
    • Forget about basic cyber hygiene and awareness, how do we protect the UK from this?
  • From security to resilience

    • If security cannot be guaranteed, and attackers will eventually succeed, then you need to decide what that success looks like.
    • Resilience is being able to maintain at least the minimum viable organization and, in CNI, it means maintaining the level of service required to keep the country running.
    • How can you help with critical resilience?
  • Maximising the utility of threat intelligence

    • The UK's NCSC highlighted the emerging threat to CNI.
    • Attack surfaces are increasing and geopolitics are expanding the range of threat actors and types.
    • How can organisations make the best use of threat intelligence to genuinely reduce their risk of breach?
  • The answer really is zero trust, isn’t it?

    • Look at the key security and resilience challenges: ransomware, third-party, malicious insider, and the rest.
    • None of them have been solved by better technology or better awareness or better security culture. And AI and OT insecurity will make things worse in CNI.
    • Unless we decide to abandon the public internet, and take security seriously, then zero trust is the only answer. So, how to get there quickly?
  • Evolving incident response: lessons from the past

    • CNI organisations need well-rehearsed playbooks, Boards who have experienced realistic war games, to be battle-tested against sophisticated Red Teams and to pay attention to the successful attacks of the past and present.
    • How can you help them develop and hone incident response procedures that work?
  • Upskilling security teams

    • Organisations have limited budgets.
    • The skills shortage in security staff is growing.
    • This dynamic affects the type of on-prem security operation firms can employ.
    • So how can CISOs continuously upskill their teams?
  • Why regulation will drive CNI security

    • Governments have ceded power to private sector organisations with more money, better agility and all the technology.
    • But as governments belatedly recognize their dependence on private companies to deliver the modern state, they will remember their power to regulate, control and even nationalize.
    • What are they thinking today?
  • Reducing your attack surface

    • Initially, digitalization was touted as a panacea for productivity, innovation, flexibility and agility.
    • It turns out that the rapid adoption of new technology and connectivity comes with new and complex costs.
    • When the delivery of a critical service is paramount, how do we re-engineer digital systems to prioritize availability and not privacy or ‘security’?
  • The dangers of digitalisation – securing IoT and OT ecosystems

    • “There continues to be a heightened threat from state-aligned actors to operational technology (OT) operators.
    • The NCSC urges all OT owners and operators, including UK essential service providers, to follow the recommended mitigation advice now to harden their defences.”
    • How can you help CNI-related companies harden their OT?
  • Securing third-party tech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on-prem tech the past and cloud and external IT the future, how do organisations ensure security when they rely on vendors who are vulnerable but beyond the leverage of even their biggest clients?
    • What about security vendors? What is your advice?
  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?
  • Detect / prevent malicious insiders

    • When nation-states decide that cyber-offense is justified, the world becomes strange.
    • One example: banks have been infiltrated by Chinese operatives who understand their control environments to commit financial and cybercrime.
    • CNI is under attack from these attackers and other compromised employees. How do we stop malicious insiders?

Who attends

Job titles

Senior Technical Analyst
Director, IT Operations
Senior Information Technology Project Manager
Head of Information Security
Technical Operations Manager
Operational IT Security Manager
Assistant Director IT for Technical Delivery and Information Security
Information Security Manager
Senior NetOps Engineer
Director of Digital Services
Information Governance Manager
IT Manager
Assistant Director, IT Services
Security Analyst - Information Security
Director of IT
Associate Director of Information Security
Director of Cyber Security
Regional Information Technology Manager
SOC Lead/Manager
Programme Manager (Cyber Security)
Head Of Information Security
IT Project Office Manager
Networks & Communications Support Manager
Head of IT Customer Services/ Deputy Director
Information Security Manager
Data and IT Manager
Head of IT Infrastructure
IT Programmer
Information Security Manager
Research Data and IT Procurement Manager
Information Assurance Specialist
Head Of Information Security
Digital Projects Manager, Cyber Quarter
AD of IT and Digital, Infrastructure and Operations
Head of Information & Cyber Security
Head of Business Solutions
Cyber Security Officer
Assistant Director of Digital Services and Security
Head of IT service
Senior Network Engineer
Cyber Security Officer -
Director of Digital and IT Services
IT Technology Assistant
Income Section Manager
Head of Cyber Security Operations
Information Governance Officer
Assistant Director of Finance and Head of Financial Systems
IT Security
Senior Information Security Officer
Infrastructure & Security Manager
Technical Manager/Systems Engineer
Server Infrastructure Manager
Chief Information Officer
Information Technology Security Manager
Assistant Director of IT
Head of IT Service Operations
Information Security Manager
Information Technology Security Manager
Director - IT Services
Information Technology Infrastructure Engineer
Information Technology Engineering Manager
Cyber Security Analyst
Senior Network Engineer
IT Manager
Assistant Director, Support Services
Information Security Manager / Enterprise Security Architect
Risk Manager
Senior Information Compliance Officer
Head of Service Delivery
IT
Director of IT Change and Project Delivery Services
Acting Head of Cyber Security
Manager (IT Governance & Change)
Senior Infrastructure Specialist
Head of Information Security and Digital Compliance
Information Security Analyst
eCommerce System Administration
IT Systems Manager
Chief Information Officer
Director of Cyber Risk & Vulnerability
IT
Data Protection Officer
Information Security, Governance and Compliance Manager
IT Category Manager
Head Of Information Technology
Income Manager
IT Manager
Assistant Director of Information Services
Head of IT
Information Security Analyst
Information Security Officer (Compliance)
Information Technology Network Manager
Head of Information Security
IT PMO Team Lead
Information Technology Support Manager
Head of Governance Risk & Compliance, Information Security Group
Head of Cyber Security
Information Governance Officer

Educational institutions

Durham University
The Open University
London School of Hygiene and Tropical Medicine
University of Surrey
University of Roehampton
University of East Anglia
Birmingham City University
University of Plymouth
Kaplan Financial
University of Wolverhampton
Teesside University
Imperial College London
University of Reading
Manchester Metropolitan University
Newcastle University
King's College
Durham University
E-ACT
Imperial College London
University of Surrey
University of the West of England
University of the West of England
Staffordshire University
London School of Economics
University of Aberdeen
Diocese of Bristol Academies Trust
University of Bradford
St Mary's University
University of West London
Royal Veterinary College
Manchester Metropolitan University
BPP Holdings Plc
University of Wolverhampton
Manchester Metropolitan University
Harris Federation
Nottingham Trent University
Newcastle University
University for the Creative Arts
E-ACT
Liverpool Hope University
Newcastle University
University for the Creative Arts
University of Bristol
Newcastle University
University of Oxford
Teesside University
London School of Economics
City University of London
University College London (UCL)
University of Cumbria
University of East Anglia
London Metropolitan University
Harris Federation
Education Authority (Northern Ireland)
Bournemouth University
University of Plymouth
City University of London
University of Liverpool
University of Roehampton
Kaplan Financial
University of West London
University of East London
Liverpool Hope University
London School of Economics
University of Wolverhampton
University of Plymouth
Imperial College London
King's College
London Metropolitan University
University of Bradford
University College London (UCL)
Coventry University
Teesside University
University of Central Lancashire
Coventry University
Cranfield University
University of Reading
London School of Economics
Queen Mary University of London
The Open University
University of Sussex
Arden University
EF First Education
University College London (UCL)
Linacre College, Oxford
University of Sheffield
University College London (UCL)
University of Brighton
Middlesex University
Manchester Metropolitan University
Newcastle University
Unity Schools Partnership
University of Birmingham
University of Exeter
University of Brighton
University College London (UCL)
Arden University
Newcastle University

Industries

Education