Cyber Security In Higher Education

Uploaded on 2021-02-11 in JOBS-Training, FREE TO VIEW

In response to the Coronavirus onslaught, higher education is rapidly migrating to remote and online learning and academic and IT leaders in the sector have faced an onslaught of challenges. Perhaps the greatest of these is the need for heightened cyber security, at the same time as budgets and resources are shrinking.
 
According to Bitdefender, the number of detected ransomware attacks, which paralyse victims’ systems or threaten to release confidential information until they pay a ransom, has increased by over 700% compared to the same period in 2019 and a significant trend which has emerged during the COVID-19 pandemic is an explosion in ransomware attacks on universities
 
Because higher education institutions have a low tolerance for downtime, store vast amounts of student and staff personal information, and keep valuable research data on file, they’re particularly vulnerable to this kind of cyber crime.  As thousands of students and staff now connect to educational networks remotely, COVID-19 has made breaching higher education networks even easier for threat actors. 
 
There have been around a thousand attacks a year targeting higher education institutions across the UK, often in the form of phishing and ransomware attacks that can leave staff and students open to account hacking, credential theft and credit card fraud and now the British  National Cyber Security Centre has issued a warning about the rising number of cyber-attacks against colleges and universities. It can take months or even years to recover after an attack, it is vital that higher education institutions identify where their cybersecurity risks lie and implement the right strategies to help maintain cybersecurity safeguards and protect data.
 
Strategies to Minimise Risk
 
To minimise risk and safeguard data, institutions must begin to adopt transparent strategies and policies. This includes backing up data and keeping it offline at certain points on a regular basis and monitoring network traffic and managing access controls. Additionally, with many thousands of staff and students to protect, active two-factor authentication should be considered to give every network user an extra element of security.
 
Higher education institutions must also plan for solutions in the event of a security breach and consider the possibility of shutting down an entire network or system for a period if needed. This potential plan will enable actions to respond to an attack and identify the infection point and reset and analyse the infrastructure allowing the institution to get back up and running safely. It will also allow the time to change passwords, update credentials and restore data as necessary as well as notify authorities of the breach as necessary to comply with data protection and security regulations.
 
Processing Data Securely
 
As universities and colleges process significant volumes of personal data, the sector must address how to do this securely and in a way that complies with the General Data Protection Regulation (GDPR). The most effective way is to establish governance for the protection of personal data, which starts with appointing a Data Protection Officer who will be responsible for ensuring that the institution maintains compliance and enforces and communicates a clear GDPR strategy across the community of the institution. 
 
As institutions are data controllers of student data, they must work with their technology partners to implement the right data platforms securely and safely to store and transmit both student data and other resources. The most effective solutions will be those with security based on authentication, authorisation, auditing and encryption. The authentication capabilities will allow the institution to verify the identity of all users, while authorisation ensures that users can access the resources that they need, and no others.
 
Such a solution should also be paired with tried and tested cyber security strategies through defining and putting into effect how an institution identifies, protects, detects, responds and recovers from cybersecurity events and incidents.
 
Key Issues For British Universities & Colleges
 
The key cyber threats to UK universities are most likely to be:
 
• Criminals seeking financial gain
• Nation states looking to steal personal data and intellectual property, for strategic advantage
 
Cyber crime will probably present the most evident and disruptive difficulties for universities. However, State-sponsored espionage is likely cause greater long-term damage. Likely effects of state espionage include:
 
• Damage to the value of research, notably in STEM subjects
• A fall in investment by public or private sector in affected universities
• Damage to the UK’s knowledge advantage  
 
In both culture and technology, universities are one of the most open and outward facing sectors. This enables and eases collaboration between academics across borders, unfortunately, this also eases the task of an attacker.
 
Cyber crime too will almost certainly continue to impact universities, either as a direct target or as collateral, regardless of the reputation and success of those universities targeted. If foreign direct investment were to come under greater scrutiny or restriction, it is a realistic possibility that the cyber threat to universities would increase, as nation states sought alternative ways to gain access to sensitive research and intellectual property.
 
While the methods employed by cyber criminals are constantly evolving, spear-phishing and ransomware are highly likely to remain the main attack vectors. Ransomware is likely to be the greatest single cause of disruption to staff, students and the universities themselves.
 
NCSC:      Infosecurity Magazine:        EdTech Magazine:       Morphisec:       Image: Unsplash
 
You Might Also Read: 
 
British Universities Shut Down By Cyber Attacks:
 
« How To Create Effective Cyber Security Training For Employees
Instagram, TikTok & Twitter Shutdown Stolen Accounts »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners is a full service, full life-cycle risk-based security consulting firm.

Enosys Solutions

Enosys Solutions

Enosys Solutions is an IT security specialist with a skilled professional services team and 24x7 security operations centre servicing corporate and public sector organisations across Australia.

Institute for Cybersecurity & Privacy (ICSP) - University of Georgia

Institute for Cybersecurity & Privacy (ICSP) - University of Georgia

The goal of ICSP is to become a state hub for cybersecurity research and education, including multidisciplinary programs and research opportunities, outreach activities, and industry partnership.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

BoldCloud

BoldCloud

BoldCloud's award winning Cybersecurity Advisory services and Layered Security approach adds new critical layers of protection for your data and your business.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

Bfore.ai

Bfore.ai

Stop future attacks, today. Bfore.ai is an operational threat intelligence feed to add predictive technology to your security infrastructure.

Coretelligent

Coretelligent

Coretelligent is a leading providers of Managed and Co-Managed IT, cybersecurity and private cloud services.

VinCSS

VinCSS

VinCSS Internet Security Services JSC is a leading organization working in the field of researching, developing, producing products as well as providing cyber security services.

Sekoia.io

Sekoia.io

Sekoia.io is a European cybersecurity company whose mission is to develop the best protection capabilities against cyber-attacks.

Information Security Society of Africa – Nigeria (ISSAN)

Information Security Society of Africa – Nigeria (ISSAN)

The Information Security Society of Africa – Nigeria (ISSAN) is a not-for-profit organization dedicated to the protection of Nigeria’s cyberspace.