Academic Institutions At Risk Of Cyber Attacks


Recently, a number of academic institutions worldwide have been hit with ransomware attacks. The combination of employee and student personal and financial information, confidential data such as medical records, and commercially desirable research, together with the cultural openness of higher education, has made colleges and universities prime targets.

The type of attack has also changed significantly. Lone wolf hackers creating nuisance viruses have been replaced by sophisticated foreign governments and organised crime.

Universities have learnt to operate entirely remotely and now that learning may resume in person, a hybrid education model will likely continue. The transition from physical to online models happened so quickly that it left many IT networks exposed to serious harm from outside forces. With a hybrid model, there is likely a widening attack surface area.

The British National Cyber Security Centre (NCSC) continues to respond to an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges, and universities. A report published by the NCSC shows that the university sector was the third most vulnerable to cyber attack.

The rapid move to operating remotely due to the nationwide lockdown meant that universities had to quickly come up with alternative methods to continue their students’ education. This often included moving services to the cloud to form a hybrid infrastructure service and utilising software-as-a-service products such as Microsoft 365 and Dropbox.

One of the primary reasons for the success of these attacks is that universities operate large corporate-sized networks, but without the budgets to match. Add to that, teachers and students aren’t given training to use and connect their technology in a safe way.

Phishing emails are frequently used by actors to deploy ransomware. These emails encourage users to open a malicious file or click on a malicious link that hosts the malware. With a combination of students, educators and other staff within universities, many of whom haven’t been trained to recognise phishing emails, universities are subjected to millions of phishing emails a year. Quite often, this information is sold or published on the Dark Web, which can lead to staff and students becoming victims of further crimes, such as identity theft.

Universities can combat this with regular penetration testing, a process whereby security professionals act on your behalf to find and test weaknesses that criminals could manipulate. There are also a number of training tools which simulate an attack to test and educate end users, and these should be employed.

Previously, faculty and students would have predominantly accessed the network via campus and/or managed devices and would have been protected by the university’s many layers of security. The network and users would have been protected by a robust firewall as the first line of defence, which includes services such as DDoS mitigations, malware blockers and content filtering. So, whilst on campus, the chances of malware getting on to a device were lower.

The pandemic dramatically affected the education sector. To allow core curriculum and examinations to continue for students, systems, such as cloud-based software, video conferencing tools, and gamified e-learning activities, became invaluable. However, this shift to complete reliance on technology meant that the cyber attack surface expanded, with an increasing number of e-institutions made vulnerable from using new systems throughout the school day.

The NCSC highlighted the threat of ransomware attacks on the British education sector during August/September 2020. With the majority of educational settings now returning to in-person learning, the sector is still firmly in the sights of threat actors. In late May and early June, the NCSC again warned that it was investigating another significant increase in cyber-attacks on the education sector.

Compared to conventional businesses, universities and colleges have many challenges due to the nature of the work and access that it requires for the students and staff. This makes it hard for educational institutes to keep up with all the cyber security guidelines.

During the pandemic, universities had to act quickly to deploy technologies that they had not fully prepared or tested, and whose use cases and risks they did not fully understand, so that students and staff could continue their study and teaching. Attackers saw the opportunity and the gaps, and targeted users with phishing emails and other known vulnerabilities in order to compromise their accounts and systems.

This has meant that the theft of personal information from university students and employees, such as addresses, phone numbers, social security numbers, academic progress reports and financial documents, has become easier.

Recently in the UK many universities have faced ransomware and cyber-attacks, including the University of Northampton, Newcastle University, University of Hertfordshire, and Portsmouth University. This affected many students and research staff: all teaching was cancelled, and students were unable to submit their assignments or access their course materials. These universities are working closely with the NCSC and police to support the investigation.

In some cases, this data then gets posted on the Dark Web where it can be used for criminal activities. Thirty years ago, libraries were not as connected to the rest of the university as they are now. Libraries used to be semi-autonomous and used systems that just worked in the library setting. Now everything is interconnected and students can reach the library through the university network. At the same time the library can reach out to students, faculty, staff and other libraries, all through a network. This interconnectedness between the library and the institutions is being exploited by cyber criminals.

According to the Scholarly Networks Security Initiative, the higher education sector in particular is facing cyber attacks due to the large amount of personal and research data that universities and library systems routinely store.

How Can Academic Institutions Protect Themselves? 

Usually the risk of a cyber attack is not focused on one department but exists across the whole organisation. This means that every part of the organisation has to have an awareness of security. For example, if you have a bookstore on campus that offers credit and debit card payments, it is important that it follows payment card industry standards.

If the campus has a healthcare facility, the university needs to make sure that this data is stored securely. The same is true for libraries, for whom information is at the centre of their work. Libraries have to take responsibility for securing their parts of the system and be an active participant in the overall cybersecurity strategy. When operationalising cyber security, there is a deep intertwining between these elements.

The library knows the information that it wants and it understands how that information should be appropriately distributed.  The IT department will then, based on the library’s instructions, make sure only people that are part of the university’s network are given access to resources. However, the IT department will need to authenticate who is out there and determine what their characteristics are. It can then pass along this information to the library, for the library systems to make the decision on whether to grant or deny access to specific parts of the library. 

At the same time, it is important that the administration, registrar’s office, faculty and library staff all do their part to achieve strong, pre-emptive cyber security. Cyber responsibilities should not be siloed off to the IT or risk management departments.

Why Are Academic Institutions Being Targeted By Cyber Criminals?

One of the reasons is that universities and colleges have libraries with huge amounts of non-public research information. Criminals can get into a research network and see what's going on, what's being tested and how those tests are going.

Not only is this kind of data useful to governments for espionage, but it also has an economic value, explains Brill. Let’s say, for example, researchers are working on a drug trial. Criminals entering the institution’s network will be able to see if the trial is going well or not, and this information could be used for insider trading.

In summary, universities are targets for cyber attacks because their data is vulnerable and valuable. Not only does the personal data of students and staff that universities hold provide opportunities for ransom attacks, but the latest research findings can also become a target for international espionage. That’s why it is vital for academic institutions to devote resources to cyber security and protect themselves from potential attacks.

The bottom line for schools and colleges is that as they confront the challenges of the pandemic, cyber security cannot be placed on the back burner. Ignoring threats to cyber security now can be quite costly in the future. 

All universities and schools should take this threat seriously as it is a growing problem and is not going away.

References:

NCSC; Research Information; University Business; Open Access Government; Computer Weekly; Techforce; Times Higher Education; Infosecurity Magazine; Lamar.Edu; GCN
