Universities and colleges face increased cyber threat

Cyber security experts have stepped up support for UK schools, colleges, and universities following a spate of online attacks with the potential to de-rail their preparations for the new term.

The National Cyber Security Centre (NCSC) issued an alert to the sector containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks.

And research from digital PR and SEO agency TopLine Comms found that one third of UK universities have been subjected to ransomware attacks according to Freedom of Information requests submitted to 134 universities in July 2020.

Of the 105 universities that responded, 35 universities admitted to being attacked (33%), 25 universities said they hadn’t been (24%) and 43 universities refused to answer (45%).

Of all the 35 universities that admitted they were attacked, 34 confirmed they did not pay ransoms. The remaining university, Liverpool John Moores, refused to reveal whether it had paid a ransom or not.

The majority of incidents happened in 2015 (31% of incidents), 2016 (34%) and 2017 (23%).

With most universities reporting isolated incidents, Sheffield Hallam University and City, University of London stood out, reporting 42 attacks since 2013, and seven attacks since 2014, respectively.

Immediate Steps

The NCSC dealt with several ransomware attacks against education establishments in August, which caused varying levels of disruption, depending on the level of security establishments had in place.

The NCSC’s alert urges universities and colleges to take immediate steps such as ensuring data is backed up and also stored on copies offline.

They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan that they regularly test.

Paul Chichester, director of operations at the NCSC, said: “This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible.

“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.

“We are absolutely committed to ensuring UK academia is as safe as possible from cyber threats, and will not hesitate to act when that threat evolves.”

David Corke, director of education and skills policy at the Association of Colleges, said: “As the last six months have shown us, it has never been more important for colleges to have the right digital infrastructure in order to be able to protect their systems and keep learning happening, whatever the circumstance.

“This needs a whole college approach and for a focus wider than just systems, it needs to include supporting leaders, teachers and students to recognise threats, mitigate against them, and act decisively when something goes wrong.

“This guidance will prove incredibly useful for colleges to ensure that they can do just that.”