“Ethical hackers” beat university cyber-defences in just two hours. As part of our experts comments series, Paul talks about the huge amount of sensitive data that universities hold, so the risk of cyber-attack is extremely high, which is why organisations need to be vigilant and ensure that they have a proactive approach when it comes to cyber security.
Ethical hackers attack over 50 universities and gain access to personal data, finance systems and research networks within 2 hours. One of the key reasons why Universities are now moving to a cloud first strategy. #oraclecloud https://t.co/7kDnKPZC03
— Nigel Thomas (@oraclengt) April 4, 2019
Expert Comments:
Paul McEvatt, Senior Manager, Threat & Strategy at Fujitsu EMEIA:
“Cyber-attacks remain one of the biggest threats facing businesses today and it’s clear that data remains a valuable currency for cyber-criminals. Due to the vast amount of sensitive data that universities hold, the risk of cyber-attacks is extremely high. In order to effectively manage threats, universities must keep pace with cyber-attack methodologies and it’s re-assuring to see JISC carry out penetration tests to understand the potential impact to university networks in order to protect the research and data they hold. The results of these tests will allow JISC to understand where the universities need to concentrate their security efforts for the next 6 months.
“Designed to access and exploit data, cyber-attacks are now part of a criminal industry. Fortunately, new concepts such as automation and orchestration will help organisations to detect and respond to incidents more effectively and efficiently to protect peoples’ data. However, if such technology is to be truly optimised, organisations must adopt a two-pronged approach by complementing technical and security controls with employee training and awareness. The fact that it took only two hours for the penetration testers to breach the university systems underlines that security controls must be continually reviewed and is a stark reminder that, no matter the industry, all organisations need to be vigilant and ensure that they have a proactive approach when it comes to cyber security.”
Laurie Mercer, Security Engineer at HackerOne:
“Many hackers start hacking during or even before university. Universities may think that they lack security knowledge and skills, when actually they are sitting on a gold mine of hidden talent. One great way to mine for this talent is a ‘students only’ bug bounty program, where students are encouraged to help universities find security vulnerabilities, and in return, the universities reward them with bounties and even course credits!”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.