As schools become more technically advanced, unfortunately, so do cybercriminals. Based on our work with schools in 2023 and the latest trends, here are our three cybercrime predictions for 2024 and tips on staying safe.
1. Use of artificial intelligence by hackers
Phishing emails are already tricky to spot, with criminals creating more sophisticated messages. Add AI to the mix, and cybercriminals can quickly produce convincing emails that are even more realistic.
It doesn’t stop there; AI can and will be used to clone voices. All the criminals need is a few short recordings of your voice to create convincing vishing calls.
Tips to stay safe
In 2024, errors in phishing emails may be few and far between, but the tone of the message could still seem strange and awkward. Also, look out for American spellings that the real sender is unlikely to use.
Other than the quality of the content, the different ways to spot social engineering will still apply. Always consider whether you are expecting the message and if it is asking you for personal information such as login details. Your best defence is to slow down. Take sufficient time to consider the legitimacy of a message. If you are busy, leave it and review it when you have more time.
If you receive a call that sounds like the right person, but something doesn’t seem quite right, hang up and call them back on the number you have for them.
2. Even more supply chain attacks
In 2023, 52% of organisations had a supply chain hit with a ransomware attack. This is when a supplier, such as a software provider, is hit, resulting in all of their customers being unable to access their service. Successful supply chain attacks are the gold medal for cybercriminals looking to cause as much disruption as possible.
Tips to stay safe
Cybercriminals will take advantage of vendors with weak defences. It’s critical to ask vendors about their cyber security stance and how they are protecting your data, and if you are not comfortable with their responses, choose a different supplier.
3. Growth in cloud-based ransomware attacks
This kind of attack targets vulnerabilities in cloud-based technologies, and as more schools move to the cloud, the more exposed they become. Attackers look for leaked credentials, misconfigured security settings and insecure APIs. This can give attackers access to your data, enabling them to copy the data (known as exfiltration) and then encrypt the original data. Attackers then threaten to publish your data on the dark web unless a ransom is paid.
Tips to stay safe
We work with many schools that assume their cloud providers are responsible for backing up this data. This is frequently not the case, and customers are expected to take their own backups under terms commonly described as a “shared ownership model”. If your supplier is hit with a cyber-attack, having your own backups gives you a copy of the data and for any other times when the cloud-based system isn’t available.
How Secure Schools can help
Our suite of products and services are designed to meet the needs of schools and school groups, whatever stage you’re at in your cyber security journey. Book a meeting with a member of our team to understand your needs and recommend where to start. Email them here.
Coming to the Bett Show?
We're on stand SE50. Email us to book a meeting, or come to see us when you're there.