Under Attack: Strengthening Cyber Security in Higher and Further Education
Last month, the UK government released its annual Cyber Security Breaches study, which exposed a worrying trend for higher and further education institutions: The scale and frequency of cyber attacks they face are now on par with those targeting the UK’s largest enterprises.
However, unlike large organisations, with extensive cyber security resources and budgets, higher and further education institutions are often relying almost entirely on internal resources to protect their environments.
In the last few years, the UK has witnessed numerous cyber attacks against universities and colleges, which have had devastating impacts. Studies have been halted, confidential data has been leaked on the dark web, while victims have suffered immense loses in recovery costs. But according to the latest government figures, these events are occurring far more frequently than many realise, with some institutions reporting weekly intrusions.
According to the study, 85% of further education colleges and 91% of higher education institutions have experienced a cyber attack in the last year. Furthermore, 30% of institutions revealed they experience a cyber breach or attack on a weekly basis.
These figures far exceed the volume of attacks experienced across the other sectors covered in the study. They only mirror the volumes experienced by the country’s largest enterprises, which undoubtedly have far more resources and money to dedicate to defences.
Motivations behind attacks
Unlike attacks on organisations, which are most frequently motivated by money, the attacks on universities and colleges can often be motivated by cyber espionage or destruction.
It’s widely known that UK government-associated organisations will not pay ransom demands to criminals, but even despite this, colleges and universities are one of the most targeted sectors with ransomware.
Universities often undertake research in areas such as defence, AI, health and climate, which are highly attractive to nation-state actors seeking to gain economic or strategic advantage. The National Cyber Security Centre (NCSC) has also issued multiple advisories warning that hostile states are increasingly targeting the UK’s academic sector, both to steal intellectual property and to disrupt critical research initiatives.
This suggests that many of the attacks are not motivated by money, they are executed with the aim of stealing sensitive information or purely to cause harm or disruption to the UK.
This makes it critical that defences are in place to ensure no attacks escalate into full scale breaches, because the consequences of incidents can be severe.
Continuous attacks require continuous monitoring
Criminals don’t work on nine-to-five schedules, so defences must operate round the clock, 24/7, 365 days a year.
But with the government’s study also highlighting that the majority of higher and further education institutions rely on inhouse resources to protect their environments, it’s highly unlikely this level of coverage is being achieved.
Internal teams are notoriously stretched, often working with minimum budgets, skeleton resources and having to blend security in with other commitments.
But, given the frequency of attacks targeting this sector, this could leave them exposed.
Positively the study did highlight that further and higher education institutions have adopted important technical security controls, such as MFA, password policies and regular patching, but technical defences alone are not enough to thwart all attacks.
Digital environments need to be monitored continuously, across every single asset and cloud environment, while security teams need to be ready to step into action at any time of day to respond to and mitigate incidents.
Universities and colleges therefore must adopt a more proactive approach to security, combining robust technical controls with continuous, round-the-clock security monitoring.
By Mark Robertson, CEO of Acumen Cyber
Responses