The UK’s cybersecurity agency also outlines precautions that academia should take to mitigate risks
The United Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning to universities across the country, urging them to be on their guard against cyberattacks.
The main risk is, in fact, two-fold. Firstly, it comes from ne’er-do-wells seeking financial gain via what are often untargeted attacks. When the attacks are targeted, however, they “have the potential for greater financial impact”, notes the cybersecurity agency.
“Cybercrime will probably present the most evident and disruptive difficulties for universities,” reads the threat assessment.
At the same time, however, the report sounds the alarm on a more silent threat, one that is “likely to cause greater long-term damage” – state-sponsored attacks and espionage. These incursions seek strategic gain and are aimed at intellectual property theft from institutions that house valuable research data and other assets, which is largely why they fall in the crosshairs of cyberattackers.
To defend against incursions, the universities are being urged to ensure they have a range of basic measures in place. This includes security-conscious policies and strict authentication and access controls, as well as making sure that university networks are designed with security considerations in mind. Still, the very first line of defense, as noted by the report, is “good security awareness among staff and students”.
Techniques may be evolving but, courtesy of their high success rate, attacks involving social engineering remain a staple. Indeed, a team of ethical hackers recently conducted simulated attacks at more than 50 universities in the UK and, in each case, got their hands on high-value data within two hours. As we also wrote back then, key to the 100-percent success rate was spear-phishing, a targeted form of phishing that involves sending a bespoke email to a well-researched prospective victim.
Here is our list of measures that educational institutions are well advised to take in order to defend against cyberattacks.