Major academic institutions at risk of cyber attacks

Academic institutions are becoming increasingly exposed to cyber attacks and are having to take action to protect themselves says research.

According to a new research paper released by the National Cyber Security Centre, Springer Nature has discovered the pace of cyber attacks is increasing on academic institutions.

Statistically, a ransomware attack occurs every eight minutes and in the past few years, a number of academic institutions worldwide have been confronted with ransomware attacks, stealing personal information from university students and employees, such as addresses, phone numbers, social security numbers, academic progress reports and financial documents. In some cases, this data then gets posted on the dark web where it can be used for criminal activities.

A leading expert in the field, Alan Brill senior manager for cybersecurity at the Kroll Institute explains that 30 years ago libraries were fairly autonomous institutions. They used systems that just worked in the library setting. Now everything is interconnected and students can reach the library through the university network. At the same time, the library can reach out to students, faculty, staff and other libraries, all through a network. This interconnectedness between the library and the institutions is being exploited by cybercriminals.  

According to the Scholarly Networks Security Initiative, the higher education sector, in particular, is facing cyber attacks due to the large amount of personal and research data that universities and library systems store routinely. A report published by the National Cyber Security Centre shows that the university sector was the third most vulnerable to cyber attack.

Usually, the risk of a cyber attack is not focused on one department but it exists across the whole organisation. This means that every part of the organisation has to have an awareness of security, says Brill. So, for example, if you have a bookstore on campus that offers credit and debit card payments, it is important, that they follow payment card industry standards. Or if the campus has a healthcare facility, the university needs to make sure that this data is stored securely, explains Brill. He points out that this is also true for libraries for whom information is at the centre of their work. Libraries have to take the responsibility for securing their parts of the system and be actively participating in the overall cybersecurity strategy.

According to Brill, when operationalising cyber security, there is a deep intertwining between the elements. The library knows the information that it wants and it understands how that information should be appropriately distributed. The IT department will then, based on the library’s instructions, make sure only people that are part of the university’s network are given access to resources.

However, the IT department will need to authenticate who is out there and determine what their characteristics are. It can then pass along this information to the library, for the library systems to make the decision on whether to grant or deny access to specific parts of the library. 

At the same time, according to Brill it is important, that the administration, registrar’s office, faculty and library staff, all do their part to achieve strong, pre-emptive cyber security. Cyber responsibilities should not be siloed off to the IT or risk management departments.

Universities are targets for cyber attacks because their data is vulnerable and valuable, that’s why it is vital for academic institutions to provide resources to cyber security and protect themselves from potential attacks.

Share

Featured Articles

BlueVoyant's Tom Moore Talks Legal Procedure Following Hack

BlueVoyant's Tom Moore explains how companies should act with legal council following a cyber attack

GDPR: Studying the World's Strictest Security Law 6 Years On

We take a look at the history, impact, and future of GDPR to see how it has effected the cyber sphere six years after its enactment

Banking Titan Baird Gives 9 Pointers for Cyber Investors

Investment bank Baird have made nine observations from RSA Conference that investors should consider when investing in today’s cyber market

OpenText's Pillr Buy Show Acquisitions Still in its Strategy

Cyber Security

Zoom Prepares for Quantum World with Post-Quantum Encryption

Cyber Security

Tenable: Security Expertise Gap Threatening Cloud Expansion

Operational Security