Updated: Dec 21, 2018
Universities have become a hunting ground for unscrupulous hackers. Recently the Cobalt Dickens hacking group, which is linked to the Iranian government, was revealed to be behind an attempt to breach the systems of 76 universities in 14 countries. This included a number in the UK in the Times Higher Education Top 50 as well as others across Europe, the US and Asia.
This came just six months after the US Department of Justice charged nine Iranian hackers with attacking more than 300 universities around the world. This attack succeeded in duping 8,000 academics into responding to a phishing email and saw the group access 15 billion pages of academic projects.
These projects often include cutting-edge research and lucrative intellectual property, which is why the further and higher education sector is so attractive to hackers. They see potential riches – not a surprise when the Economist magazine reports that data is now the world’s most valuable commodity.
The thwarted attacks give a stark reminder of why it is so important for academic and administrative staff to have the right online behaviours. They use technology as an enabler to manage personal information, carry out experiments and collate data, so it has never been more vital for them to understand good online behaviours.
University staff have to know what their responsibilities are in keeping their institution’s IT system resilient, particularly as 90% of cyber breaches are caused by human error. According to a recent KPMG/Harvey Nash report, education is the worst-affected sector for cybercrime.
Beating the threats is made even more complex as the majority of colleges and universities operate with clear distinctions between departments and faculties with little crossover and often on different sites, sometimes miles apart.
That is why it is important to have clear guidelines about staff’s online behaviours, particularly as any breach has the potential to inflict reputational and financial damage on the institution. It is also likely that research projects will involve academic and research staff working with industry partners, even other universities, which creates “weak spots” – so it is vital everybody understands how to keep the IT system secure.
Cyber resilience training should therefore be mandatory and all modules should be completed; otherwise, being locked out of IT systems could be a consequence.
The reality is that a cyber breach could be just a mouse click away and the evidence shows one in three universities face hourly attempts, so it is unlikely the threat is going away soon.
Putting the right awareness training in place for staff and students alike will help to thwart the unscrupulous and protect reputations.
IQS’ latest paper offers a way forward for universities with guidance on:
how to audit your university’s critical information and establish where your vulnerabilities are
identifying what controls you have in place and what needs to change
transforming your organisation’s cyber security and resilience culture.
It also provides a “roadmap for improvement”, illustrating how to:
get cyber resilience on the agenda of senior management
provide practical learning and guidance for your people to ensure they are cyber resilient
embed cyber resilience best practice among all staff – your best defence against cyber-attack.