Because of the freedom that technology now affords us to share and send information, cyber criminals can originate from anywhere globally. It also means that the types of people who carry out cyber-attacks are from a much broader spectrum than ‘conventional crime’, with organised crime gangs, hacktivists with political messages to get across, teenage hackers pushing boundaries in their bedrooms and state-sponsored actors all featuring. This makes the risk and the potential for an attack, either to you personally or for your organisation, so much greater.
For higher education the cyber security threat is just as prevalent as it is for the commercial world, and in some respects it can be greater, for two key reasons:
Firstly, the open-source nature of university IT infrastructure, which allows a collaborative environment and little restriction on access to information, means systems are a much easier target for cyber threats. A key example of this was the December 2015 DDoS (Distributed Denial of Service) attack on the UK Academic network, which prevented access to the internet and university networks for millions of students and staff across the country.
Secondly, when we consider the assets that are at risk, HE provides a very attractive target. Information on staff, student data including financial and personal details, alumni data and research data can all be compromised or stolen. Then consider the numbers for each of these areas – as an example, the largest university in the UK has roughly 38,000 students enrolled. So never mind the number of graduates and alumni, there is a huge amount of data at risk.
A published report of survey results carried out earlier this year by the cloud security developer VMware* highlights what can be at stake for higher education institutes.
The results found that 43% of respondents had been targeted by hackers who were trying to obtain student data such as exam results or dissertation material.
A quarter of respondents also had intellectual property stolen, including research data, with 74% stating that research projects had been halted due to intrusion.
Protecting our HE institutions from cybercrime is vital if the UK is to remain as one of the world’s top research and innovation destinations
In some cases the sensitivity of research being carried out posed a potential risk to national security, if an attack was successful. There are a multitude of attacks which are used to compromise potential targets, including phishing emails, ransomware and sequel injection attacks and all have varying levels of impact depending on the severity or origin of the attack. In reality, any attack can have devastating consequences for universities in regards to their reputation, huge monetary cost through direct theft or fines from the Information Commissioner’s Office, or loss and theft of data. The ongoing cost of fixing issues related to viruses or bugs in systems and networks is a further headache.
Understandably, due to the technical nature of these types of threats, the cyber security issue has for a long time fallen to IT teams to address and manage. However, it has become clear that it must now be recognised at a senior management and board level if the issue is to be fully addressed.
Acceptance of the potential risks and consequences at a senior level will be the only way that changes can be made and actions implemented for cyber security across multiple channels including staff awareness, prevention systems, monitoring and strategy.
As Tim Hearn, Director of UK Government and Public Services for VMware notes in the published report, “Protecting our higher education institutions from cybercrime is vital if the UK is to remain as one of the world’s top research and innovation destinations; it has to be a board-level issue.”
So, don’t just leave the security of your university assets to chance, because chances are you might be under attack right now. Do you have the systems in place to monitor and protect your organisation?