The rising threat of cyber security attacks. There will also be university staff, some with access to strategic, confidential or sensitive research, whose contact details and research interests are easy to find on the university website, providing malicious actors with everything they need to craft a highly tailored phishing attack. A couple of recent reports I’ve looked at highlight the extent of threats that universities and higher education establishments face from cyber-attack. To start, here are the top five cybersecurity threats schools face and how you should prepare: 1. Interview: Alan Woodward, Visiting Professor, University of Surrey, NCSC: Nation State University Attacks Could Harm UK, Top Ten: Things Learned from the NCSC Annual Report, Have an intelligent, layered security solution in place. Increasing threats from social engineering attacks demand a strengthening of the ‘people perimeter’, writes Peter Carthew, director UK public sector at Proofpoint People have become the perimeter for any organisation when it comes to cyber security. Cyber crime is hard to see and touch, it’s growing fast and universities are especially exposed to its impacts, as the recent publication of a report by the NCSC shows. Sophos recommends that as soon as practicably possible, university IT teams or their outsourced partners review the configuration and software update status of infrastructure and devices put in place at the start of lockdown – and correct anything that they missed before. Why Are Organizations Failing to Report Cybercrime? When universities aren't centralized, it's more challenging to to govern data security, Turner said. Attackers are quick to exploit any gaps in defences, whether they are technical or human. Universities and colleges are being warned by the UK's cyber-security agency that rising numbers of cyber-attacks are threatening to disrupt the start of term. Since passwords are one of the biggest points of vulnerability, one of the simplest yet most effective way to... VPN. It’s time to take state-sponsored cyber attackers seriously, Foxing the phishers remains a constant dog fight, From the battlefield to the boardroom, influence and teamwork are key to building information security, Firmly putting cyber security ‘on the radar’ - Cyber Essentials for education and research, Libraries, learning resources and research, Required all staff to undertake General Data Protection Regulation (, Moved all at-risk IT systems under central control, Increased the level of password protection, Acquired specific cyber crime insurance cover, Added a cyber security risk to our risk register. The key cyber threats to UK universities are highly likely to be: Criminals seeking financial gain Nation states looking to steal personal data and intellectual property, for strategic advantage BA will also be aware of the reputational and brand damage associated with the breach, and potential litigation. As cyber criminals become increasingly sophisticated and cybersecurity threats continue to rise, organizations are becoming more and more aware of the potential threat posed by third parties. Combined with the fact that the security of universities may be seen by an attacker to not be especially advanced, this makes them an attractive hit. Twenty-five percent of them were vulnerable. In the aftermath, BA not only had to deal with the financial costs of investigating the breach, but the cost of additional security (eg penetration testers, consultants, security vendors, public relations and legal advice). Fortunately, there are practical things that IT security teams can do to strengthen or recover their defences, and many organisations able and willing to help. Find out more about our cyber security offering or join us in Newcastle for the Jisc security conference 2019 on 5-6 November 2019. All this is a major distraction for companies, impacting their overall strategic aims and objectives – something we should all consider when drafting resilience and business continuity plans. The important thing is to do it now. These include disruption to the functioning of a university network, through to more general and targeted attempts In a recent study, Tinfoil Security tested the networks of 557 state universities with a cross-site scripting (XSS) attack. Read more here. Cloud-based Cybersecurity. Employing a virtual private network (VPN) allows universities to encrypt their network, ensuring they have no... Antivirus. Here’s a short checklist that might help: The targeting of the education sector, students and staff by cyber-attackers is reprehensible at the best of times, to exploit the impact of the pandemic for criminal advantage is even more inexcusable. Cybersecurity challenges abound in higher education. Many senior university leaders and board members are increasingly worried about the rising threat of cyber security attacks. How many senior leaders know what these are and what risks each poses to their organisation? The Australian government has also created some useful tools to help companies assess and prepare for cyber security threats. Ideally a security solution that has proactive and reactive protection and detection capabilities; where different parts can communicate with each other to provide your team with greater visibility into the security posture of the network at any time; and which offer an automated response to threats rather than just sharing a mountain of event logs for the IT security team to wade through, Ensure that all data travelling from server to server (east-west traffic) across the network is protected, Remember that responsibility for the security of data and infrastructure in the cloud is a shared one, treat anything in the cloud as if it was in the room next to you, Have robust access controls for anyone connecting to the network. The features that help universities to collaborate and thrive, such as open, information-rich websites, ubiquitous connectivity and collaborative platforms for students and staff - also leave them particularly vulnerable to cyber-threats. Elsewhere, UK universities in the race to find a vaccine for COVID-19 have found themselves the target of hostile state hackers. This article explores the cybersecurity threats that the higher education space faces, as well as a range of solutions that can help colleges and universities combat future attacks. Cyber security has long been a challenge for universities, and demonstrating that you take it seriously is now a prerequisite of grant funding and government contract applications. There is a very good reason for this. While college leaders will no doubt have welcomed the recent announcement of £400 million in government funding, the boost comes as the first increase to base rate funding for students since 2013.It’s clear that resources have been limited and staff spread thinly as a result. In 2016, Greenwich had two security breaches that were of sufficient seriousness that they needed to be reported to the Information Commissioners Office (ICO). Tweet. These systems have very large numbers of users and deal with very valuable and sensitive information. "In a world of escalating threats and attacks -- universities have a responsibility to address security with their students," he says. Have you commissioned an honest and detailed independent assessment of your vulnerability to cyber security threats? Secondly, we had to respond quickly to ensure that similar breaches did not occur again. In the aftermath of these data breaches we took a number of specific actions: Similar problems also occur in the corporate world and over the course of the past 18 months, some of the biggest, most widespread, data breaches in the history of the Internet have hit the headlines. This should include phishing simulation tests to show them what a phishing email looks like. Do you have a good understanding of cyber security threats and their potential impact? In the case of the BA data breach, some 380,000 credit card transactions were taken and the initial fine was £183m. That said, with a degree in cyber security you’ll set yourself in an endless pool of highly paid jobs and challenging careers. Have you considered adding cyber security to your risk register? while some university and college leaders are confident they have a high-level executive view of cyber security, many are concerned that they need to know more. Professor David Maguire is chair of Jisc, appointed in May 2015. it is clear that cyber security is a critical business risk for universities and colleges, so it is vitally important that senior executive teams and governing bodies have a grasp of its significance. Academic institutions can also be subject to malicious – or even just mischievous – insider attacks from disgruntled students or staff, for example. Unsecure personal devices. Universities have no choice but to take notice of what is now a very real threat, and ensure they have the necessary security measures in place to protect themselves against cyber criminals. Link Security At any university, thousands of people are likely to be using personal, often unsecured or unpatched devices such as laptops and smartphones to connect to university networks either direct or via VPN, and using them to access and store university data. 3. Wagdy Sawahel 08 June 2020. 8. -- As concerns over the security of online data mount, Indiana University has launched a Cyber Security program that monitors threats to Is it worth investing in cyber insurance? Dealing with cyber security threats to universities and colleges, (If you're a human, don't change the following field), ‘VLE success is not about tech, it’s about practice and people’, Let’s ‘build back better’ on post-COVID digital transformation, How technology can help your brain work smarter. The Cyber Security Risk Self-Assessment Tool is a 20-minute test that will help gauge if your business is a likely target for cyberattacks, and show how developed your current cyber security practices are. The approaches to implementing cyber security in higher education institutions. More cyberattacks coming from China, specifically targeted at colleges and universities, highlights how important cybersecurity defenses are for these institutions. Have all your staff been trained in information security and cyber security? Do you have a disaster recovery and business continuity plan in the event of a major cyber security incident and have you tested it. For defenders this means that data needs to be protected not just from outsiders at the perimeter, but everywhere inside the network too. Among them will be countless students with limited security training and awareness, easy prey for attackers looking to exploit human inexperience through social engineering tactics. A new project to enhance the cybersecurity of Australia’s universities will be headed up by RMIT’s new centre for Cyber Security Research and Innovation (CSRI) with the University Foreign Interference Taskforce (UFIT). This is a very serious, highly technical and rapidly evolving topic and, while some university and college leaders are confident they have a high-level executive view of cyber security, many are concerned that they need to know more. David Maguire. The BRC recently launched a cyber security ‘toolkit’ for retailers that provides businesses of all sizes with a practical, step-by-step guide to prevent and manage cyber security threats and protect the customers they serve.
2020 cyber security threats to universities