Major academic institutions at risk of cyber attacks

Academic institutions are becoming increasingly exposed to cyber attacks and are having to take action to protect themselves says research.

According to a new research paper released by the National Cyber Security Centre, Springer Nature has discovered the pace of cyber attacks is increasing on academic institutions.

Statistically, a ransomware attack occurs every eight minutes and in the past few years, a number of academic institutions worldwide have been confronted with ransomware attacks, stealing personal information from university students and employees, such as addresses, phone numbers, social security numbers, academic progress reports and financial documents. In some cases, this data then gets posted on the dark web where it can be used for criminal activities.

A leading expert in the field, Alan Brill senior manager for cybersecurity at the Kroll Institute explains that 30 years ago libraries were fairly autonomous institutions. They used systems that just worked in the library setting. Now everything is interconnected and students can reach the library through the university network. At the same time, the library can reach out to students, faculty, staff and other libraries, all through a network. This interconnectedness between the library and the institutions is being exploited by cybercriminals.  

According to the Scholarly Networks Security Initiative, the higher education sector, in particular, is facing cyber attacks due to the large amount of personal and research data that universities and library systems store routinely. A report published by the National Cyber Security Centre shows that the university sector was the third most vulnerable to cyber attack.

Usually, the risk of a cyber attack is not focused on one department but it exists across the whole organisation. This means that every part of the organisation has to have an awareness of security, says Brill. So, for example, if you have a bookstore on campus that offers credit and debit card payments, it is important, that they follow payment card industry standards. Or if the campus has a healthcare facility, the university needs to make sure that this data is stored securely, explains Brill. He points out that this is also true for libraries for whom information is at the centre of their work. Libraries have to take the responsibility for securing their parts of the system and be actively participating in the overall cybersecurity strategy.

According to Brill, when operationalising cyber security, there is a deep intertwining between the elements. The library knows the information that it wants and it understands how that information should be appropriately distributed. The IT department will then, based on the library’s instructions, make sure only people that are part of the university’s network are given access to resources.

However, the IT department will need to authenticate who is out there and determine what their characteristics are. It can then pass along this information to the library, for the library systems to make the decision on whether to grant or deny access to specific parts of the library. 

At the same time, according to Brill it is important, that the administration, registrar’s office, faculty and library staff, all do their part to achieve strong, pre-emptive cyber security. Cyber responsibilities should not be siloed off to the IT or risk management departments.

Universities are targets for cyber attacks because their data is vulnerable and valuable, that’s why it is vital for academic institutions to provide resources to cyber security and protect themselves from potential attacks.

Share

Featured Articles

Secure 2024: AI’s impact on cybersecurity with Integrity360

With 2023 seeing increased AI in cybersecurity, and rising cyberattacks, Integrity360 leaders consider what the 2024 cyber landscape will look like

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Magazine speaks with Radiflow’s CEO, Ilan Barda, about converging IT and OT and how leaders can better protect businesses from cybersecurity threats

QR ‘Quishing’ scams: Do you know the risks?

QR code scams, or Quishing scams, are rising and pose a threat to both private users and businesses as cyberattacks move towards mobile devices

Zero Trust Segmentation with Illumio’s Raghu Nandakumara

Network Security

Is the password dead? Legacy technology prevents the shift

Network Security

Fake Bard AI malware: Google seeks to uncover cybercriminals

Technology & AI