Cyber Security in Higher Education is not just an IT issue

The freedom that technology now affords us to share and send information means that cyber criminals can originate from anywhere globally.

It also means that the types of people who carry out cyber-attacks are from a much broader spectrum than ‘conventional crime’, with organised crime gangs, hacktivists with political messages to get across, teenage hackers pushing boundaries in their bedrooms, and state-sponsored actors all featuring. This makes the risk and the potential for an attack, either to you personally or for your organisation, much greater.

For higher education the cyber security threat is just as prevalent as it is for the commercial world. And in some respects it can be greater, for two key reasons.

Cyber Security in Higher Education - The Threat

Firstly, consider the open nature of university IT infrastructure, which allows for a collaborative environment and little restriction on access to information. This unfortunately means systems are a much easier target for cyber threats. A key example of this was the December 2015 DDoS (Distributed Denial of Service) attack on the UK Academic network, which prevented access to the internet and university networks for millions of students and staff across the country.

Secondly, when we consider the assets that are at risk, HE provides a very attractive target. Information on staff, student data including financial and personal details, alumni data and research data can all be compromised or stolen. Then consider the numbers for each of these areas – as an example, the largest university in the UK has roughly 38,000 students enrolled. 

A published report on a survey carried out earlier this year by the cloud security developer VMware highlights what can be at stake for higher education institutes.

The results found that 43% of respondents had been targeted by hackers who were trying to obtain student data such as exam results or dissertation material. 

A quarter of respondents also had intellectual property stolen, including research data, with 74% stating that research projects had been halted due to intrusion.

In some cases the sensitivity of research being carried out posed a potential risk to national security. A multitude of attacks are used to compromise potential targets, including phishing emails, ransomware and SQL injection attacks, and all have varying levels of impact depending on the severity or origin of the attack.

In reality, any attack can have devastating consequences for universities with regard to their reputation, huge monetary costs through direct theft or fines from the Information Commissioner’s Office, as well as loss and theft of data. The ongoing cost of fixing issues related to viruses or bugs in systems and networks is a further headache.

Who is responsible for Cyber Security in Higher Education? 

Understandably, due to the technical nature of these types of threats, the cyber security issue has for a long time fallen to IT teams to address and manage. However, it has become clear that it must now be recognised at a senior management and board level if the issue is to be fully addressed. 

Acceptance of the potential risks and consequences at a senior level will be the only way that changes can be made and actions implemented for cyber security across multiple channels including staff awareness, prevention systems, monitoring and strategy. 

As Tim Hearn, Director of UK Government and Public Services for VMware notes in the published report,

“Our higher education institutions from cybercrime is vital if the UK is to remain as one of the world’s top research and innovation destinations; it has to be a board-level issue.”

So, don’t just leave the security of your university assets to chance, because chances are you might be under attack right now. Do you have the systems in place to monitor and protect your organisation?

Our Cyber Security weekly news: 03/03/2017

This week has seen the publication of the UK Government Digital Strategy, which includes the aim to make the UK “the safest place in the world to live and work online”. The strategy has come up against mixed reviews, however.

Digital Strategy criticised by cyber security industry 

The Digital Strategy, published on 1 March by the UK Government, has been criticised for the lack of detail on cyber security. 

Of the seven areas set out, the one strand which covers cyber security aims to support the National Cyber Security Centre (NCSC) as the single point of contact for companies. It also repeated the need and support there is for active cyber defence: working with GCHQ, the Government intends to target “anyone who would do the country harm”.

The strategy also mentions the cyber security education programmes, aimed at helping bridge the gap on the skills shortage of cyber security professionals, and applying pressure to address cyber security issues within organisations.

Concerns from the cyber security industry show that people are not convinced the level of detail needed is there. 

Dr Jamie Graves, CEO at ZoneFox says, “Although the Government’s digital strategy is encouraging, currently the lack of detail is concerning”. 

“So far, the initiative fails to pinpoint factors such as how it will be measured to ensure its success. Britain doesn’t need any more strategic plans, it needs to start seeing tangible results.” 

Yahoo lawyer cyber security resignation 

An independent review of two major data breaches at Yahoo has culminated in the resignation of one of its top lawyers, Ronald Bell.

The review found that the “legal team had sufficient information to warrant substantial further inquiry in 2014, and they did not sufficiently pursue it”. 

The hacks, which were only made public in 2016, brought huge disapproval against Yahoo for failure to safeguard users. 

It is thought that Bell has unfairly taken the stick for the fiasco, with CEO Marissa Mayer dodging the bullet. The fiasco has meant a $350 million reduction to the Verizon acquisition bid, as well as reported investigations from the FBI.

Update Regarding Digitisation – from Project Management to Access Course, Jan 2017

The CoSector Digital Preservation team has unfortunately had to reschedule the upcoming Digitisation course which was slated to be held on 17th Jan 2017. The course will now be held in March 2017 instead.

We would like to apologise to all those who were interested in attending this month and we hope you can still attend in March. 

Please keep an eye on the News section and follow us on Twitter for further announcements.

Edward Pinsent and Steph Taylor, 
Digital Preservation Team, CoSector - University of London