Academic Institutions At Risk Of Cyber Attacks

Recently a number of academic institutions worldwide have been hit with ransomware attacks. The combination of employee and student personal and financial information, confidential data such as medical records, and commercially desirable research, together with the cultural openness of higher education, has made colleges and universities prime targets.

The type of attack has also changed significantly. Lone wolf hackers creating nuisance viruses have been replaced by sophisticated foreign governments and organised crime.

Universities have learnt to operate entirely remotely, and now that learning may resume in person, a hybrid education model will likely continue. The transition from physical to online models happened so quickly that it left many IT networks exposed to serious harm from outside forces. With a hybrid model, the attack surface is likely to widen.

The British National Cyber Security Centre (NCSC) continues to respond to an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges, and universities. A report published by the NCSC shows that the university sector was the third most vulnerable to cyber attack.

The rapid move to operating remotely due to the nationwide lockdown meant that universities had to quickly come up with alternative methods to continue their students’ education. This often included moving services to the cloud to form a hybrid infrastructure service and utilising software-as-a-service products such as Microsoft 365 and Dropbox.

One of the primary reasons for the success of these attacks is that universities operate large corporate-sized networks, but without the budgets to match. Add to that, teachers and students aren’t given training to use and connect their technology in a safe way.

Phishing emails are frequently used by actors to deploy ransomware. These emails encourage users to open a malicious file or click on a malicious link that hosts the malware. With a combination of students, educators and other staff within universities, many of whom haven’t been trained to recognise phishing emails, universities are subjected to millions of phishing emails a year. Quite often, this information is sold or published on the Dark Web, which can lead to staff and students becoming victims of further crimes, such as identity theft.

Universities can combat this with regular penetration testing - a process whereby security professionals act on your behalf to find and test weaknesses that criminals could manipulate. There are also a number of training tools which simulate an attack to test and educate end users, and these should be employed.

Previously, faculty and students would have predominantly accessed the network via campus and/or managed devices and would have been protected by the university’s many layers of security. The network and users would have been protected by a robust firewall as the first line of defence, which includes services such as DDoS mitigations, malware blockers and content filtering. So, whilst on campus, the chances of malware getting on to a device were lower.

The pandemic dramatically affected the education sector. To allow core curriculum and examinations to continue for students, systems, such as cloud-based software, video conferencing tools, and gamified e-learning activities, became invaluable. However, this shift to complete reliance on technology meant that the cyber attack surface expanded, with an increasing number of e-institutions made vulnerable from using new systems throughout the school day.

The NCSC highlighted the threat of ransomware attacks on the British education sector during August/September 2020. With the majority of educational settings now returning to in-person learning, the sector is still firmly in the sights of threat actors. In late May and early June, the NCSC again warned that it was investigating another significant increase in cyber-attacks on the education sector.

Compared to conventional businesses, universities and colleges have many challenges due to the nature of the work and access that it requires for the students and staff. This makes it hard for educational institutes to keep up with all the cyber security guidelines.

During the pandemic, universities had to act quickly to adopt technologies that they had not fully prepared or tested, and whose use cases and risks they had not fully understood, so that students and staff could continue their study and teaching. Attackers saw the opportunity and the gaps, targeting users with phishing emails and using other known vulnerabilities in order to compromise their accounts and systems.

This has meant that the theft of personal information from university students and employees, such as addresses, phone numbers, social security numbers, academic progress reports and financial documents, has become easier.

Recently in the UK many universities have faced ransomware and cyber-attacks, including the University of Northampton, Newcastle University, University of Hertfordshire, and Portsmouth University. This affected many students and research staff: all teaching was cancelled, and students were unable to submit their assignments or access their course materials. These universities are closely working with the NCSC and police to support the investigation.

In some cases, this data then gets posted on the Dark Web where it can be used for criminal activities. Thirty years ago, libraries were not as connected to the rest of the university as they are now. Libraries used to be semi-autonomous; they used systems that just worked in the library setting. Now everything is interconnected and students can reach the library through the university network. At the same time the library can reach out to students, faculty, staff and other libraries, all through a network. This interconnectedness between the library and the institutions is being exploited by cyber criminals.

According to the Scholarly Networks Security Initiative, the higher education sector in particular is facing cyber attacks due to the large amount of personal and research data that universities and library systems routinely store.

How Can Academic Institutions Protect Themselves? 

Usually the risk of a cyber attack is not focused on one department but exists across the whole organisation. This means that every part of the organisation has to have an awareness of security. So, for example, if you have a bookstore on campus that offers credit and debit card payments, it is important that it follows payment card industry standards.

If the campus has a healthcare facility, the university needs to make sure that its data is stored securely. This is also true for libraries, for whom information is at the centre of their work. Libraries have to take responsibility for securing their parts of the system and be an active participant in the overall cybersecurity strategy. When operationalising cyber security, there is a deep intertwining between these elements.

The library knows the information that it wants and it understands how that information should be appropriately distributed.  The IT department will then, based on the library’s instructions, make sure only people that are part of the university’s network are given access to resources. However, the IT department will need to authenticate who is out there and determine what their characteristics are. It can then pass along this information to the library, for the library systems to make the decision on whether to grant or deny access to specific parts of the library. 

At the same time, it is important that the administration, registrar’s office, faculty and library staff all do their part to achieve strong, pre-emptive cyber security. Cyber responsibilities should not be siloed off to the IT or risk management departments.

Why Are Academic Institutions Being Targeted By Cyber Criminals?

One of the reasons is that universities and colleges have libraries with huge amounts of non-public research information. Criminals can get into a research network and see what's going on, what's being tested and how those tests are going.

Not only is this kind of data useful to governments for espionage, but it also has an economic value, explains Brill. Let’s say, for example, researchers are working on a drug trial. Criminals entering the institution’s network will be able to see if the trial is going well or not, and this information could be used for insider trading.

In summary, universities are targets for cyber attacks because their data is vulnerable and valuable. Not only does the personal data of students and staff that universities hold provide opportunities for ransom attacks, but the latest research findings can also become a target for international espionage. That’s why it is vital for academic institutions to provide resources for cyber security and protect themselves from potential attacks.

The bottom line for schools and colleges is that as they confront the challenges of the pandemic, cyber security cannot be placed on the back burner. Ignoring threats to cyber security now can be quite costly in the future. 

All universities and schools should take this threat seriously as it is a growing problem and is not going away.

References:

NCSC, Research Information, University Business, Open Access Government, Computer Weekly, Techforce, Times Higher Education, Infosecurity Magazine, Lamar.Edu, GCN
