A survey of 499 IT decision makers in the education sector found that nearly half of organisations were hit by ransomware in the last year. Organisations must take sufficient steps to stay secure and safe as threats continue to rise amongst universities.
Professor Madeline Carr at UCL is a leading academic on cyber security in higher education and also sits on our board of directors. We are sharing 6 security challenges she’s highlighted when working collaboratively with her research team, the NCSC and UCISA, from budgetary constraints, to lack of communication and support.
The Higher Education sector holds vast amounts of Personal Identifiable Data (PID), from salaries and bank details to pastoral care notes, as well as commercially valuable intellectual property such as the Oxford Astra Zeneca vaccine. Due to the sensitivity of this information, universities are automatically high targets for cyber attacks as threat actors attempt to damage valuable data or leverage it for personal gain.
Listen to the special edition of our Threat Set Radio Podcast for Higher Education.
CEOs often make requests for staff to take steps to improve their security measures, but this won’t necessarily call for high compliance within a university. Academics are wary of systems and processes that get in the way of their work and will often continue to use their specific tools and platforms out of familiarity. This limits an organisation’s ability to make tangible security improvements.
Universities are full of people who highly value openness, collaboration and exchanging information and knowledge, often working in many cross institutional groups. As a result, what might be seen as perfectly sensible cyber security practices can be very cumbersome for them as they move in and out of systems in other institutions, trying to keep track of all their data and keep the appropriate access controls. This can lead to a ‘head in the sand’ approach where much-needed change is avoided.
Although there are some very good organisations established to help university CISOs, they are not working as effectively as they need to. Most CISOs at universities call on colleagues at other universities for help when they need it, rather than drawing upon shared threat intelligence and solutions within their own vicinity.
The global pandemic made it more apparent than ever that university business continuity leans much more heavily on its digital estate than it does on its physical estate, and yet the budget allocation to these is incomparable. In many universities, cyber security still comes under the IT budget and even that is low in comparison to other similar sized organisations. Protecting a huge, sensitive digital estate that carries high value data and is essential for business continuity on a small budget requires a partner that really understands the sector and can leverage threat intelligence from multiple HE institutions.
“Cybersecurity practitioners in the higher education sector have been doing an incredible job with relatively little in terms of resources. It’s a sector that is critical to the UK national interest and it’s overdue for some focused support and attention.”
– Keven Knight, COO at Talion
Large universities welcome and farewell around 10K students each year – all of which need access controls and credential management. Managing alumni, therefore, remains particularly challenging as they are best kept close to the institution for promotional purposes, but this leaves 10K open gates each year.
Madeline Carr, Professor of Global Politics and Cybersecurity at UCL, notes that:
“We’ve seen a significant increase in attacks on UK HE over the past few years, and it’s clear that more needs to be done to coordinate threat intelligence in this sector. We’ve got people holding back a tidal wave of malicious actors with a swiss army knife. They need more support.”
Implementing good cyber hygiene in a university is no easy feat, but it can be achieved successfully when it is built on an honest exchange with academics, professional services staff, management, and the security team.
Our Threat Intelligence report for education highlights sector-specific threat activity, recent attacks in Higher Education, and mitigation recommendations for Universities.
Download our Higher Education Cyber Threat Report here.
Have further questions about the threat of cyber attacks against Universities?
Call us directly and we’ll put you in touch with the most relevant cyber expert.
Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.
Thought-provoking cyber security discussion at Michelin-star restaurants across the UK.
