Navigating the Challenges of Cyber Attacks: Lessons from the de Ferrers Trust

Introduction

Across an education landscape increasingly in need of effective digital and technology strategy and leadership, the importance of having robust cybersecurity measures in place across a trust cannot be overstated. Cyber attacks pose a significant threat to the operational integrity and data security of academy trusts, often leading to widespread disruption and turmoil. It is therefore integral to a trust's strategy that sufficient preventive and mitigation measures are identified and put in place. Trust leaders have a vital role to play in ensuring cybersecurity measures are in place and well understood across the organisation, as we outlined in this article last year.

Recently, the de Ferrers Trust, which comprises seven schools and 5,500 pupils aged 3 to 19, experienced firsthand the disruptive impacts of a cyber attack on its organisation, providing valuable real-life insights into the challenges and responses involved in managing such a crisis. In this article, Kathy Hardy, CEO of the de Ferrers Trust, alongside Amy Taylor, COO, and Greg Hughes, the trust leader for digital strategy, share an in-depth account of their experiences of the attack, the immediate actions taken, and the lessons learned from the incident.

Detection and Initial Indicators

The first indications of the cyber attack appeared when an unusually high number of staff accounts were being locked out, a common consequence of incorrect password attempts. Noticing the abnormal pattern, one of the trust’s IT technician teams investigated further and linked the issue to the remote portal site, which was flagged as suspicious. Greg, trust leader for digital strategy, explains, “We immediately contacted our broadband/firewall company, and they confirmed there had been thousands of attempts to access those accounts. They informed us that we were likely experiencing a brute force attack, where the attackers try countless password combinations to gain entry. At that point, we knew we had to take further action to stop the attack from progressing.”
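The indicator described above, many different staff accounts locking out in a short period, can be checked for automatically so that it is not left to chance observation. The following is an added example, not code from the trust or its suppliers; the log format, event names, window and threshold are assumptions, and the sample log lines are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed window for grouping lockouts
MIN_LOCKED_ACCOUNTS = 3         # assumed threshold of distinct locked accounts

# Constructed sample portal log: ISO time, account, source IP, event
SAMPLE_LOG = """\
2024-03-04T07:58:02 j.brown 198.51.100.20 LOCKOUT
2024-03-04T09:00:01 a.khan 203.0.113.5 FAIL
2024-03-04T09:00:03 a.khan 203.0.113.5 FAIL
2024-03-04T09:00:05 a.khan 203.0.113.5 LOCKOUT
2024-03-04T09:01:10 m.lee 203.0.113.5 FAIL
2024-03-04T09:01:12 m.lee 203.0.113.5 LOCKOUT
2024-03-04T09:02:40 s.patel 203.0.113.9 FAIL
2024-03-04T09:02:44 s.patel 203.0.113.9 LOCKOUT
2024-03-04T09:03:00 t.jones 198.51.100.44 OK
"""

def parse(log):
    """Yield (time, account, source, event) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than fail the whole run
        ts, account, source, event = parts
        yield datetime.fromisoformat(ts), account, source, event

def lockout_bursts(events, window=WINDOW, threshold=MIN_LOCKED_ACCOUNTS):
    """Return alerts where >= threshold distinct accounts lock out within one window."""
    events = sorted(events)
    lockouts = [(t, a) for t, a, _, e in events if e == "LOCKOUT"]
    alerts, i = [], 0
    while i < len(lockouts):
        start = lockouts[i][0]
        in_window = [(t, a) for t, a in lockouts[i:] if t - start <= window]
        accounts = sorted({a for _, a in in_window})
        if len(accounts) >= threshold:
            end = in_window[-1][0]
            # Count failed attempts per source around the burst to show where they came from
            failures = Counter(s for t, _, s, e in events if start - window <= t <= end and e != "OK")
            alerts.append({"start": start, "accounts": accounts, "failures_by_source": dict(failures)})
            i += len(in_window)  # skip past this burst so it is reported once
        else:
            i += 1  # an isolated lockout, e.g. one forgotten password
    return alerts

if __name__ == "__main__":
    for alert in lockout_bursts(parse(SAMPLE_LOG)):
        print(alert)
```

A single forgotten password produces one isolated lockout and no alert; only several distinct accounts locking within the same window are reported, along with the sources of the failed attempts.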