Cyber safety and the reputation of the UK HE sector

How universities can curate the best defence against growing cyber-attacks

By Kuldip Sandhu, Director, Innovative Quality Solutions Ltd & Nick Wilding, General Manager, Cyber Resilience, AXELOS

The UK Higher Education (HE) sector is undergoing significant change, and technology lies at the forefront of much of this change. Student demand for an enhanced educational experience that exploits the latest technologies to help equip them for the ever-changing world of work is growing and will drive the continued success and attractiveness of UK HE institutions. But this demand must be managed and balanced with the well-known threat and impact of growing cyber-attacks on HE institutions. Without this balance, the hard-won reputation and the institutional profile of UK HE in the highly competitive global HE market run the risk of being undermined.

Boosting resilience 

Many organisations continue to invest in multiple layers of ‘intelligent’ technical controls to protect themselves from cyber-attackers. However, security breaches continue to grow in their scale and impact. There’s something missing in our organisational response to the risks we face. The reality is that the most successful cyber-attacks succeed because of human error: the unwitting actions of anyone in the organisation, regardless of their role or responsibility. 

Pairing people and technology 

There is a growing understanding that effective cyber resilience is therefore as much about your people and their behaviours as it is about technology. HE institutions should be further developing their blueprint for effective cyber resilience with an increased focus on what is seen to be the greatest defence against cyber-attacks: your people. 

With the annual student turnover, a plethora of devices and flexible operating models across departments, faculties, and colleges, it becomes very difficult for institutions to effectively understand and address their critical cyber risks and, from last month, their new GDPR compliance responsibilities.

Understanding and addressing vulnerabilities 

Considering that they are a growing and vulnerable target for cyber-attackers, HE institutions now understand that they need a balanced approach to managing their cyber-risks. HE institutions are made up of a highly diverse group of entities (departments, faculties, schools, colleges and central support functions) engaged in a wide range of activities.

In response to these strategies, those on universities’ council, senate and executive committees and other governance institutions need to consider and respond to the following key questions:

  • Do we know what our critical information is, where it is and who has access to it?
  • What are the most significant cyber threats we face and what are our vulnerabilities to these threats?
  • What would the impact be to our institution if those risks were realised?
  • Do we have an incident recovery plan in place that’s regularly reviewed and tested?
  • Do we have a cyber resilient culture embedded across the institution that our people actively support?

In asking and responding to these questions, UK HE institutions will be actively developing their roadmap for improvement in the face of growing cyber-attacks that threaten their reputation and standing around the world.