Students’ return to universities has coincided with a spate of attacks against academic institutions across the North of England, prompting the National Cyber Security Centre to issue a warning: prepare for disruption as the term starts.
Academia has a unique security profile due to the sector’s open, collaborative nature, making user-based vulnerabilities a particular challenge. Universities’ involvement in critical research, most notably vaccines for Covid-19, has encouraged hackers to target them with ransomware in combination with phishing, credential harvesting and brute force attacks.
The continued onslaught of cyberattacks on universities is a stark reminder that it takes a concerted effort to maintain security. The most popular ‘way in’ for hackers to introduce malware or ransomware onto a computer system is still phishing.
With social engineering, phishing attacks are sophisticated, helping criminals impersonate legitimate organisations with eerie accuracy by impersonating or hijacking the identity of someone we trust. It is more important to ensure that the organisations who hold valuable data are taking appropriate measures to protect it – but also the digital identities of everyone in their organisation.
Onboarding new users or ‘identities’, such as in Freshers Week, is a key moment for ensuring that everyone has secure and appropriate access to systems. With some university terms starting remotely this will be a difficult, but important, challenge to overcome for educators. A key success factor will be having a complete and unified view of identities and systems within the organisation.
It remains to be seen just how many students were impacted this year, however this event should remind us all that our personal information is our most valuable asset and we should secure and guard it carefully.
That hackers are targeting universities during this especially delicate time will come as no surprise to any business leader. It is known that bad actors, nation-state backed or independent, are setting their sights on the most valuable assets they can get their hands on, whether corporate secrets or intellectual property — and they will take advantage of fraught circumstances to do so.
UK universities spearhead research critical to national interests. Hackers are vying for control over it, whether for geopolitical dominance or to use the information for their own malicious interests. The most recent example is this summer’s attempt to steal the coronavirus vaccine.
One thing is certain: as the new term starts, university cybersecurity remains a boundless issue. Students and staff need to be protected not only within the university walls, but in their homes and off-campus locations as well. Crucial research should be granted all possible safeguards in a layered manner, and universities should take steps today to ensure they have a strong security posture to withstand hackers\’ future attempts.