A report says universities are not doing enough to protect themselves against the threat of cyber criminals.
Hackers were able to gain access to “high-value” data within just two hours during a test of universities’ defences against cyber attacks, a report has said.
So-called ethical hackers from Jisc, a Government-funded agency which provides universities and colleges with digital support, had a 100% track record of penetrating their defences within the time-frame, the paper says.
The report, published jointly with the Higher Education Policy Institute (HEPI), says universities are not doing enough to protect themselves against the threat of cyber criminals and urges them to take immediate action.
It warns that phishing attacks against students are becoming “more sophisticated” and increasingly prevalent in UK institutions.
Among them are scams which purport to offer free grants to students or ask them to update their bank details so that loans can be paid.
“Spear phishing” attacks, where an email appears to have been sent from a trusted sender in order to convince people to disclose confidential information, are also becoming more common, the report adds.
Dr John Chapman, head of Jisc’s security operations centre and the author of the report, warned it was “critical” to build robust defences at universities in order to avert a “potentially disastrous” data breach, or even an entire network outage.
“Universities can’t afford to stand still in the face of this constantly evolving threat,” he said.
“While the majority of higher education providers take this problem seriously, we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment.”
According to the report, more than 1,000 cyber attacks were detected against 241 education and research institutions in the UK last year.
As well as students being conned out of money, hackers could also turn their attention to universities’ highly valuable research data, the report warns.
“Universities hold masses of data on sensitive research, on the inventions of the future and on their staff and students, but some of it is not properly secured,” said Nick Hillman, director of HEPI.
“The two main functions of universities are to teach and to research. Students like having their personal data used to improve teaching and learning. But this support is conditional and is unlikely to survive a really serious data breach.
“Meanwhile, future UK economic growth is highly dependent on university research. This provides valuable information that a few unscrupulous foreign governments are keen to access.”
The experts said regulators should set minimum requirements for cybersecurity at UK institutions in order to tackle the problem.
Professor David Maguire, chairman of Jisc and vice-chancellor of the University of Greenwich, added: “Universities are absolutely reliant on connectivity to conduct almost all their functions, from administration and finance to teaching and research.
“These activities accrue a huge amount of data; this places a burden of responsibility on institutions, which must ensure the safety of online systems and the data held within them.”