A recent investigation has revealed that technological systems at UK universities are unable to fend off cyber-attacks, after hackers accessed “high-value” data in under two hours.
Jisc, a company that provides network services to universities and research centres in the UK, conducted a test using “ethical hackers”. They were able to quickly data including research networks and personal and financial information.
“Alarmingly, when using spear phishing as part of its penetration testing service, Jisc has a 100 per cent track record of gaining access to a higher education institution’s high value data within two hours,” stated the report.
John Chapman, the head of Jisc’s security operations centre, said: “It is critical university leaders consider whether their cyber protection governance is sufficiently robust.
“We are not confident that all UK higher education providers are equipped with the adequate cyber-security related knowledge, skills and investment.
“Cyber-attacks are becoming more sophisticated and prevalent and universities can’t afford to stand still in the face of this constantly evolving threat.”
Last year more than 200 institutions reported over 1,000 attempts of hackers trying to steal sensitive data or disrupt their infrastructure.
Cyber-attacks are becoming more sophisticated and prevalent and universities can’t afford to stand still in the face of this constantly evolving threat
– John Chapman
Previous cases of cyber-attacks against UK universities include Iranian hackers infiltrating into British universities, including the universities of Oxford and Cambridge, and obtaining sensitive research on nuclear power plants.
Furthermore, students have reported scam emails sent by Student Finance England which stated that students will “lose or delay” their September payment if they fail to provide personal information.
The emails also included links which would allow malicious software to be downloaded onto victims’ devices when clicked.
A report by the Joint Committee on the National Security Strategy (JCNSS) has called for greater action in improving cyber-security and warned against the threat of “potentially devastating” attacks in the future.
A spokeswoman from Universities UK (UUK) also said that “data security is an absolute priority”. She further added that work was being done alongside the National Cyber Security Centre to “help improve and strengthen security practices to better protect the sector from cyber threats”.