During 2016, malware was often grabbing the headlines, as cyber criminals searched for soft targets. Last year we read about how hospitals were having to resort to using paper and pen to process patients. It seems as though cyber criminals have found a new line of attack, schools. This is worrying since the education sector is unlikely to have IT directors, never mind security professionals. Is it time to re-think how security can be provided as a managed service?