Academic Institutions At Risk Of Cyber Attacks

Directors Report:  This article is exclusive to Premium Subscribers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

Recently a number of academic institutions worldwide have been hit with ransomware attacks. The combination of employee and student personal and financial information, confidential data such as medical records, and commercially desirable research combined with the cultural openness of higher education has made Colleges and Universities prime targets.

The type of attack has also changed significantly. Lone wolf hackers creating nuisance viruses have been replaced by sophisticated foreign governments and organised crime.

Universities have learnt to operate entirely remotely and now that learning may resume in person, a hybrid education model will likely continue. The transition from physical to online models happened so quickly that it left many IT networks exposed to serious harm from outside forces. With a hybrid model, there is likely a widening attack surface area.

The British National Cyber Security Centre (NCSC) continues to respond to an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges, and universities. A report published by the NCSC shows that the university sector was the third most vulnerable to cyber attack.

The rapid move to operating remotely due to the nationwide lockdown meant that universities had to quickly come up with alternative methods to continue their students’ education. This often included moving services to the cloud to form a hybrid infrastructure service and utilising software-as-a-service products such as Microsoft 365 and Dropbox.

One of the primary reasons for the success of these attacks is that universities operate large corporate-sized networks, but without the budgets to match. Add to that, teachers and students aren’t given training to use and connect their technology in a safe way.

Phishing emails are frequently used by actors to deploy ransomware. These emails encourage users to open a malicious file or click on a malicious link that hosts the malware. With a combination of students, educators and other staff within universities, many of which haven’t been trained to recognise phishing emails, universities are subjected to millions of phishing emails a year. Quite often, this information is sold or published on the Dark Web, which can lead to staff and students becoming victims of further crimes, such as identity theft.

Universities can combat this with regular penetration testing - a process whereby security professionals act on your behalf to find and test weaknesses that criminals could manipulate. There are also a number of training tools which simulates an attack to test and educate end users and these should be employed. Previously, faculty and students would have predominantly accessed the network via campus and/or managed devices and would have been protected by the university’s many layers of security. The network and users would have been protected by a robust firewall as the first line of defence, which includes services such as DDoS mitigations, malware blockers and content filtering. So, whilst on campus, the chances of malware getting on to a device were lower.

The pandemic dramatically affected the education sector. To allow core curriculum and examinations to continue for students, systems, such as cloud-based software, video conferencing tools, and gamified e-learning activities, became invaluable. However, this shift to complete reliance on technology meant that the cyber attack surface expanded, with an increasing number of e-institutions made vulnerable from using new systems throughout the school day.

The NCSC highlighted the threat of ransomware attacks on the British education sector during August/September 2020.  With the majority of educational settings now returning to in-person learning, the sector is still firmly in the sights of threat actors. In late May and early June, the NCSC again warned that it was investigating another significant increase in academic cyber-attacks on the education sector. 

Compared to conventional businesses, universities and colleges have many challenges due to the nature of the work and access that it requires for the students and staff. This makes it hard for educational institutes to keep up with all the cyber security guidelines.

During the pandemic, universities had to act quickly to prepare and use the technologies that they have not fully prepared and tested or understood the use cases and risks so students and staff can continue their study and teaching. This directed attackers to see the opportunity and gaps to target uses with phishing emails and other known vulnerabilities in order to compromise their accounts and systems.

This has meant the theft of personal information from university students and employees, such as addresses, phone numbers, social security numbers, academic progress reports and financial documents has become easier. 

Recently in the UK many universities have faced ransomware and cyber-attacks including, the University of Northampton, Newcastle University, University of Hertfordshire, and Portsmouth University. This affected many students and research staff, all teaching was canceled, students weren’t able to submit their assignments and unable to access their course materials. These universities are closely working with the NCSC and police to support the investigation.

In some cases, this data then gets posted on the Dark Web where it can be used for criminal activities. Thirty years ago, libraries were not as connected to the rest of the university as they are now. Libraries used to be semi-autonomous, they used systems that just worked in the library setting. Now everything is interconnected and students can reach the library through the university network. At the same time the library can reach out to students, faculty, staff and other libraries, all through a network. This interconnectedness between the library and the institutions is being exploited by cyber criminals. 

According to the Scholarly Networks Security Initiative the higher education sector in particularly is facing cyber attacks due to the large amount of personal and research data that universities and library systems store routinely.

How Can Academic Institutions Protect Themselves? 

Usually the risk of a cyber attack is not focused on one department but it exists across the whole organisation. This means that every part of the organization has to have an awareness of security. So for example, if you have a bookstore on campus that offers credit and debit card payments, it is important, that they follow payment card industry standards. 

In case the campus has a healthcare facility, the university needs to make sure, that this data is stored securely and this is also true for libraries for whom information is at the center of their work. Libraries have to take the responsibility for securing their parts of the system and be an active participant in the overall cybersecurity strategy. When operationalising cyber security, there is a deep intertwining between these elements.

The library knows the information that it wants and it understands how that information should be appropriately distributed.  The IT department will then, based on the library’s instructions, make sure only people that are part of the university’s network are given access to resources. However, the IT department will need to authenticate who is out there and determine what their characteristics are. It can then pass along this information to the library, for the library systems to make the decision on whether to grant or deny access to specific parts of the library. 

At the same time,l it is important that the administration, registrar’s office, faculty and library staff, all do their part to achieve strong, pre-emptive cyber security. Cyber responsibilities should not be siloed off to the IT or risk management departments.

Why Are Academic Institutions Being Targeted By Cyber Criminals?

One of the reasons is that universities and colleges have libraries with huge amounts of non-public research information. Criminals can get into a research network and see what's going on, what's being tested and how those tests going. 

  • Not only is this kind of data useful to governments for espionage, but it also has an economic value, explains Brill. Let’s say for example researchers are working on a drug trial. 
  • Criminals entering the institution’s network will be able to see if the trial is going well or not and this information could be used for insider trading.

In summary, universities are targets for cyber attacks because their data is vulnerable and valuable. Not only does the personal data of student and staff that universities hold provide opportunities for ransom attacks, on top of that latest research findings can become a target for international espionage. That’s why it is vital for academic institutions to provide resources to cyber security and protect themselves from potential attacks.

The bottom line for schools and colleges is that as they confront the challenges of the pandemic, cyber security cannot be placed on the back burner. Ignoring threats to cyber security now can be quite costly in the future. 

All universities and schools should take this threat seriously as it is a growing problem and is not going away.

References:

NCSC:      Research Information:      Univeristy Business:   Open Access Government:    Computer Weekly

Techforce:     Times Higher Education:    Infosecurity Magazine:     Lamar.Edu:    GCN

You Might Also Read: 

Education Should Focus On Cyber Security:

 

« Artificial Intelligence Is Increasingly Important In Cyber Security 
Ransomware Attack On French Ministry of Justice »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

ESL Bangladesh

ESL Bangladesh

ESL is the Largest IT Infrastructure & Telecom Service Provider in Bangladesh.

CYSEC Academy

CYSEC Academy

CYSEC Academy offer cyber certifications, cyber assurance and cyber defense training, hands-on learning training modules, public, private and bespoke training courses.

Tigera

Tigera

Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

Cyberens

Cyberens

Cyberens provide cybersecurity consulting services in IT sectors relating to defense and space, banking, industrial control systems and IoT.

Desec Security

Desec Security

Desec's training platform allows professionals around of the world to acquire knowledge and practical experience in Information Security.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.

3B Data Security

3B Data Security

3B Data Security offer a range of Penetration Testing, Digital Forensics, Incident Response and Data Breach Management Services.

Dr Web

Dr Web

Since 1992 the Russian anti-virus Dr.Web has been helping companies to keep their digital assets protected and operate in a secure digital environment.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

Exacom

Exacom

Exacom is a leading provider of multimedia logging/recording solutions across public safety, government, DoD, energy, utilities, transportation, and security applications.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

Amplifier Security

Amplifier Security

Amplifier Security are on a mission to empower security teams to modernize their practice by connecting the dots between their security stack and their people.