The freedom that technology now affords us allows us to share and send information, cyber criminals can originate from anywhere globally.
It also means that the types of people who carry out cyber-attacks are from a much broader spectrum than ‘conventional crime’, with organised crime gangs, hacktivists with political messages to get across, teenage hackers pushing boundaries in their bedrooms, and state-sponsored actors all featuring. This makes the risk and the potential for an attack, either to you personally or for your organisation, much greater.
For higher education the cyber security threat is just as prevalent as it is for the commercial world. And in some respects it can be greater, for two key reasons.
Cyber Security in Higher Education - The Threat
Firstly, consider the open-source nature of university IT infrastructure, which allows for a collaborative environment and little restriction on access to information. This unfortunately means systems are a much easier target for cyber threats. A key example of this was the December 2015 DDoS (Distributed Denial of Service) attack on the UK Academic network, which prevented access to the internet and university networks for millions of students and staff across the country.
Secondly, when we consider the assets that are at risk, HE provides a very attractive target. Information on staff, student data including financial and personal details, alumni data and research data can all be compromised or stolen. Then consider the numbers for each of these areas – as an example, the largest university in the UK has roughly 38,000 students enrolled.
A published report of survey results carried out earlier this year by the cloud security developer VMware highlights what can be at stake for higher education institutes.
The results found that 43% of respondents had been targeted by hackers who were trying to obtain student data such as exam results or dissertation material.
A quarter of respondents also had intellectual property stolen, including research data, with 74% stating that research projects had been halted due to intrusion.
READ MORE: UK to get 1bn Cyber Security boost
In some cases the sensitivity of research being carried out posed a potential risk to national security. There are a multitude of attacks which are used to compromise potential targets; including phishing emails, ransomware and sequel injection attacks, and all have varying levels of impact depending on the severity or origin of the attack.
In reality, any attack can have devastating consequences for universities in regards to their reputation, huge monetary costs through direct theft or fines from the Information Commissioner’s Office, as well as loss and theft of data. The ongoing cost of fixing issues related to viruses or bugs in systems and networks is a further headache.
Who is responsible for Cyber Security in Higher Education?
Understandably, due to the technical nature of these types of threats, the cyber security issue has for a long time fallen to IT teams to address and manage. However, it has become clear that it must now be recognised at a senior management and board level if the issue is to be fully addressed.
Acceptance of the potential risks and consequences at a senior level will be the only way that changes can be made and actions implemented for cyber security across multiple channels including staff awareness, prevention systems, monitoring and strategy.
READ MORE: Cyber Security weekly news
As Tim Hearn, Director of UK Government and Public Services for VMware notes in the published report,
“Our higher education institutions from cybercrime is vital if the UK is to remain as one of the world’s top research and innovation destinations; it has to be a board-level issue.”
So, don’t just leave the security of your university assets to chance, because chances are you might be under attack right now. Do you have the systems in place to monitor and protect your organisation?