The UK’s
cybersecurity agency also outlines precautions that academia should take to
mitigate risks
The United
Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning to universities across the country, urging
them to be on their guards against cyberattacks.
The main risk
is, in fact, two-fold. Firstly, it comes from ne’er-do-wells seeking financial
gain via what are often untargeted attacks. When the attacks are targeted,
however, they “have the potential for greater financial impact”, notes the
cybersecurity agency.
“Cybercrime will
probably present the most evident and disruptive difficulties for
universities,” reads the threat assessment.
At the same
time, however, the report sounds the alarm on a more silent threat, one that is
“likely to cause greater long-term damage” – state-sponsored attacks and
espionage. These incursions seek strategic gain and are aimed at intellectual
property theft from institutions that house valuable research data and other
assets, which is largely why they fall in the crosshairs of cyberattackers.
To defend
against incursions, the universities are being urged to ensure they have a
range of basic measures in place. This includes security-conscious policies and
strict authentication and access controls, as well as making sure that university networks are designed with security considerations in mind. Still,
the very first line of defense, as noted by the report, is “good security
awareness among staff and students”.
Techniques
may be evolving but, courtesy of their high success rate, attacks
involving social engineering remain a staple. Indeed, a team of ethical
hackers recently conducted simulated attacks at more than 50 universities in
the UK and, in each case, got their hands on high-value data within two hours.
As we also wrote back then, key to the 100-percent success
rate was spear-phishing, a targeted form of phishing that involves sending a bespoke email to a
well-researched prospective victim.
Here is
our list of measures that educational institutions are well
advised to take in order to defend against cyberattacks.