SonicWall’s Spencer Starkey uncovers why education needs enhanced cybersecurity

In an era where digital transformation is reshaping every aspect of our lives, the cybersecurity landscape is evolving at a rapid pace.

SonicWall’s 2025 Threat Report reveals worrying data that underscores the urgency of this evolution: over 26 new variants of never-before-seen malware are being created every single hour, daily. This alarming figure not only highlights the relentless innovation of cybercriminals but also serves as a call for enhanced cybersecurity measures, particularly in vulnerable sectors such as education.

The education sector is a data goldmine

Educational institutions have emerged as prime targets for cyber attacks, and it’s clear why. Schools and universities are powerhouses of data, housing vast repositories of sensitive information that range from personal details of students and staff, to groundbreaking research data.

This wealth of information, combined with often inadequate cybersecurity defences, makes the education sector an irresistible target for malicious actors.

The vulnerability of educational institutions is further exacerbated by several factors. Limited budgets often result in cybersecurity taking a backseat to other priorities, leading to weaker protective measures compared to other sectors. Moreover, the potential for identity theft and financial fraud using stolen educational data is significant, making these institutions even more attractive to cybercriminals.

The rising tide of cyber threats

SonicWall’s report paints a grim picture of the current cybersecurity landscape. In 2024, a staggering 210,258 ‘never-before-seen’ malware variants were detected, averaging 637 new variants per day. The Internet of Things (IoT) became an increasingly vulnerable frontier, with attacks jumping by 124%, while encrypted threats climbed by 93%.

Perhaps most alarming is the financial impact of these attacks. The average ransomware payment reached $850,700 in 2024, with total related losses often exceeding $4.91 million. For educational institutions already grappling with budget constraints, such financial blows could be catastrophic.

The imperative for stronger guardrails in education

The education sector’s vulnerability to cyber attacks is not merely theoretical. Recent statistics from the UK government reveal that over a third of English schools and colleges experienced a cyber incident in the 2023/24 academic year. This troubling trend underscores the critical need for stronger cybersecurity measures in educational institutions.

The stakes could not be higher. Educational institutions sit at the very centre of our society, shaping the minds that will lead our future. Students, teachers, and parents need to trust that their sensitive information is being safeguarded. A breach of this trust could have far-reaching consequences, not just for individuals but for the integrity of the educational system as a whole.

Government initiatives and industry recommendations

Recognising the urgent need for enhanced cybersecurity in education, governments and industry leaders are stepping up. The UK’s National Cyber Security Centre (NCSC), part of GCHQ, has extended an enhanced cyber resilience service to all schools in the country. This service aims to prevent access to known malicious websites and limit exposure to domains hosting malware, ransomware, and spyware.

However, government initiatives alone are not enough. Individual educational institutions must take proactive steps to bolster their own defenses against the rising tide of cyber threats. This includes carving out investment in robust cybersecurity measures, despite budget constraints. Regular staff training on cybersecurity best practices and the latest threats is crucial, as is the implementation of multi-factor authentication to add an extra layer of security to user accounts.

Keeping systems updated and regularly patching known vulnerabilities is another critical step. Implementing regular, secure backups of critical data can mitigate the impact of potential ransomware attacks. For institutions lacking inhouse expertise, engaging with managed service providers (MSPs) or managed security service providers (MSSPs) can provide access to specialised knowledge and advanced security solutions.

The path forward

The battle against cyber threats is ongoing, and there isn’t a silver bullet solution. However, by implementing stronger guardrails, investing in advanced security solutions, and fostering a culture of cybersecurity awareness, schools and universities can significantly reduce their vulnerability and ensure a safer digital environment for all stakeholders.

In this age of rapid technological advancement and equally rapid threat evolution, complacency is not an option. The time for action is now. Educational institutions must rise to the challenge, embracing a proactive and comprehensive approach to cybersecurity. Only then can we ensure that our centres of learning remain bastions of knowledge and innovation, rather than becoming casualties in the ongoing cyber war.

Spencer Starkey is Executive VP of EMEA at SonicWall, delivering real-time cybersecurity breach detection and prevention solutions. Connect wth him here: https://www.linkedin.com/in/spencer-starkey/