British Universities Have Many Cyber Threats

Emerging online threats and tough new penalties for data breaches are forcing universities to take cyber security more seriously than ever.  Universities are bombarded on a daily basis with information about cybercrime and security, almost to the point where it feels that little else needs to be done other than trust in the IT department’s skills and get on with life.

But does this mean students and academic staff are safe? Is their research and partner companies’ data really secure? Will an institution’s computers, libraries and facilities function without hiccup thanks to the new wave of encryption, site blocks and alerts that have arrived in recent months?

In a word, no. Universities will never be 100 per cent secure because no one is completely safe when it comes to cybersecurity. 

As Henry Hughes, deputy chief information security officer at Jisc, pointed out at a recent higher education conference: “Half of you are not doing any student training in cyber security.” Supporting this statement, he added that a Jisc survey of 22,000 students’ satisfaction at the end of their courses found that 82 per cent felt that digital skills were essential to their future careers, but less than half of the group felt that they were well prepared for the digital workplace.

This matters because we can all be victims (or at least targets) and cyber security cannot, and should not, be delegated. While you are busy thinking “it’s not going to be me, I’m not important”, that is when you leave yourself vulnerable.
IT security is not a new challenge for universities but with the new European Union’s General Data Protection Regulation it is expected that universities will become more liable for data breaches, with fines of up to 2 per cent of overall revenue or €10 million, whichever is higher.

In 2016, the UK government set out plans to commit £1.8 billion to the National Cyber Security Strategy, working with organisations from the private sector, public agencies and academia to create a national Cyber Security Centre, a Cyber Innovation Centre, and an Institute of Coding.

The University of Gloucestershire is leading discussions with a select group of universities and businesses to discuss the shape and form of this national project. The university is also now one of 17 universities helping its graduates to develop skills in writing safe and secure software, as part of the newly set up Institute of Coding.

This project has acquired greater importance thanks to a new phenomenon known as the “internet of things”. This shorthand describes the online interconnection of computing devices embedded in everyday objects, ranging from phones and fridges to home thermostats and power stations. 

Within two years it is estimated that about 26 billion devices will be connected to the internet. Cyber-attacks will have the potential to damage not just our laptops and work computers, but dozens of electrical items in our homes. As such, university staff and students need to get into good “cyber hygiene” habits. Campus visitors bring laptops and mobile phones with them, while academics frequently connect with organisations from around the world. We need to limit the number of people with administrator privileges and be wary of disgruntled insiders.

Training and education must be continuous because cybersecurity is a process, not an event. It has to be part of a university’s ongoing risk assessment. We all should think of ourselves as human firewalls within our organisations.

It is vital to make sure that systems are updated regularly and understand that security is a continuous process. Share good practice, your neighbour could be the weak link so help them, and have a plan for when it all goes wrong.

Times Higher Education:      Image: Nick Youngson

You Might Also Read: 

Oxford University’s Cyber Research:

Canadian University Hit For $12m Phishing Scam:

 

« Business AI Platform For Commercial Development
Deloitte To Invest £430 Million On Cybersecurity Defences »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

CERT-UG/CC

CERT-UG/CC

CERT-UG/CC is the national Computer Emergency Response Team for Uganda, operating under the National Information Technology Authority (NITA-U)

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

International Cybersecurity Forum (FIC)

International Cybersecurity Forum (FIC)

The International Cybersecurity Forum (FIC) has established itself as the benchmark event in Europe in terms of digital security and trust.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

National Cybersecurity Consortium (NCC)

National Cybersecurity Consortium (NCC)

The NCC’s mandate is to keep Canada’s cyber and critical infrastructures and citizens safe while ensuring Canada’s global competitiveness and leadership in cybersecurity.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

Trickest

Trickest

Trickest enables Enterprises, MSSPs, and Ethical Hackers to build automated offensive security workflows from prototype to production.