British Universities Have Many Cyber Threats

Emerging online threats and tough new penalties for data breaches are forcing universities to take cyber security more seriously than ever.  Universities are bombarded on a daily basis with information about cybercrime and security, almost to the point where it feels that little else needs to be done other than trust in the IT department’s skills and get on with life.

But does this mean students and academic staff are safe? Is their research and partner companies’ data really secure? Will an institution’s computers, libraries and facilities function without hiccup thanks to the new wave of encryption, site blocks and alerts that have arrived in recent months?

In a word, no. Universities will never be 100 per cent secure because no one is completely safe when it comes to cybersecurity. 

As Henry Hughes, deputy chief information security officer at Jisc, pointed out at a recent higher education conference: “Half of you are not doing any student training in cyber security.” Supporting this statement, he added that a Jisc survey of 22,000 students’ satisfaction at the end of their courses found that 82 per cent felt that digital skills were essential to their future careers, but less than half of the group felt that they were well prepared for the digital workplace.

This matters because we can all be victims (or at least targets) and cyber security cannot, and should not, be delegated. While you are busy thinking “it’s not going to be me, I’m not important”, that is when you leave yourself vulnerable.
IT security is not a new challenge for universities but with the new European Union’s General Data Protection Regulation it is expected that universities will become more liable for data breaches, with fines of up to 2 per cent of overall revenue or €10 million, whichever is higher.

In 2016, the UK government set out plans to commit £1.8 billion to the National Cyber Security Strategy, working with organisations from the private sector, public agencies and academia to create a national Cyber Security Centre, a Cyber Innovation Centre, and an Institute of Coding.

The University of Gloucestershire is leading discussions with a select group of universities and businesses to discuss the shape and form of this national project. The university is also now one of 17 universities helping its graduates to develop skills in writing safe and secure software, as part of the newly set up Institute of Coding.

This project has acquired greater importance thanks to a new phenomenon known as the “internet of things”. This shorthand describes the online interconnection of computing devices embedded in everyday objects, ranging from phones and fridges to home thermostats and power stations. 

Within two years it is estimated that about 26 billion devices will be connected to the internet. Cyber-attacks will have the potential to damage not just our laptops and work computers, but dozens of electrical items in our homes. As such, university staff and students need to get into good “cyber hygiene” habits. Campus visitors bring laptops and mobile phones with them, while academics frequently connect with organisations from around the world. We need to limit the number of people with administrator privileges and be wary of disgruntled insiders.

Training and education must be continuous because cybersecurity is a process, not an event. It has to be part of a university’s ongoing risk assessment. We all should think of ourselves as human firewalls within our organisations.

It is vital to make sure that systems are updated regularly and understand that security is a continuous process. Share good practice, your neighbour could be the weak link so help them, and have a plan for when it all goes wrong.

Times Higher Education:      Image: Nick Youngson

You Might Also Read: 

Oxford University’s Cyber Research:

Canadian University Hit For $12m Phishing Scam:

 

« Business AI Platform For Commercial Development
Deloitte To Invest £430 Million On Cybersecurity Defences »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

Consult Hyperion

Consult Hyperion

Consult Hyperion is an independent strategic and technical consultancy specialising in digital identity and secure electronic transactions.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

Zecurion

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

Cyber Security Austria (CSA)

Cyber Security Austria (CSA)

Cyber Security Austria (CSA) is an independent non-profit association with the aim to address security issues in the area of IT/cyber security of critical/strategic infrastructures in Austria.

Cyber Struggle

Cyber Struggle

At Cyber Struggle, our aim is training and certifying the special forces of the cyber world.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

DeepSeas

DeepSeas

DeepSeas is the result of a merger between Security On-Demand (SOD) and the commercial Managed Threat Services (MTS) business of Booz Allen Hamilton.

InfoSystems Inc

InfoSystems Inc

InfoSystems provides reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

Incode

Incode

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.

ThoughtSol

ThoughtSol

Thoughtsol help brands grow through Digital Transformation enabling them to leverage the power of IT for an all-embracing impact on their businesses.

Device42

Device42

Device42 is a trusted, advanced, and complete full-stack agentless discovery and dependency mapping platform for Hybrid IT.

GlitchSecure

GlitchSecure

GlitchSecure helps companies secure their products and infrastructure through real-time continuous security testing.