Earlier this year, the FE and HE technology solutions not-for-profit, Jisc, conducted a  survey of its members to find out their attitudes towards cyber security, which found that colleges are over-estimating their ability to guard against cyber attacks.

When asked to assess their perceived level of protection, 43% of colleges scored their organisation eight or more out of ten, while the mean score was 7.1, which was more optimistic than universities’ mean score of 5.9. Their optimism could be due to the lack of security specialists working in the FE sector, leaving colleges in the dark.

Colleges have less in the way of budget allocation and specialist staff than universities, and are far less likely to have achieved the government’s Cyber Essentials standard. On the plus side, 10 times the number of colleges are working towards Cyber Essentials this year, compared to last year (29% compared to 3% in 2017). 

Paul Feldman, Jisc CEO, has warned that a lack of resources and investment meant colleges are not as well defended against cyber attacks as they should be, and colleges still appear to be unrealistic about the risk.

What are the biggest threats?

Lack of awareness and accidental breaches – such as emailing sensitive data to the wrong recipients – are considered by colleges to be the biggest threat to their cyber security, according to the survey.

Ransomware/malware comes in at number two, followed by phishing and social engineering, such as clicking on dodgy email links or being tricked into giving away passwords. 

Colleges are right to be concerned about the risk of human error to cyber safety since duping staff and students is the most common method employed by criminals to infiltrate systems, steal data and commit fraud and other crime.

Phishing attacks and social engineering are become more sophisticated and difficult to spot, so good security training and using a second factor for authentication for users is essential.

Colin Truran, Principal Technology Strategist at Quest Software, said: 

“Universities are required to permit vast numbers of students the ability to connect their devices to the network in order to gain access to all of the digital facilities the university provides. The challenge for universities is to enable free connection whilst limiting and preventing malicious activity and uncontrolled sensitive data sprawl.

“The rapid growth in personal devices has left many universities with poorly designed networks unable to support the modern connected world. To prevent this from happening in the future, radical changes to the design of networks are required. AI threat detection and automated threat response can detect and remediate malicious activity, and restructuring the environment can isolate sensitive services from student activity. External threats are always a risk to universities, but the greatest threat will always be from the highly intelligent and inquisitive student body.

Advertisement

“Another complication for universities comes from the fact that creativeness is not limited to their students. Often their technology management teams find ways with a limited budget to achieve complex problem solving with creative scripting and integration. This leads to environments with excessive complexity which creates a much larger attack surface area as a result.

“Universities need to invest in their digital environment to enable them to modernise their data management practices, remove complexity, isolate sensitive services and enable the environment to understand threats quickly and react accordingly.  In this way they will give both internal and external malicious entities far fewer opportunities and a much shorter time to do it in.”

Training

The BBC suggests that a security analysis of cyber-attacks against universities and colleges in the UK has discovered staff or students could often be responsible, rather than organised crime or hacking groups.

Commenting on this, Nick Murison, managing consultant at Synopsys, said: 

“Some of this will come down to educating staff and students. Campus networks can feel like safe places for students to try their hand at hacking, with some of the activity being down to curiosity as opposed to any intentional malice.

"Staff may feel that their data doesn’t warrant much protection as it’s “just research data” that holds little commercial value, and so may not take appropriate steps to secure their systems. University IT departments are constantly battling “shadow IT”, with students and staff connecting various systems to the network that are not centrally managed, and are often not secured.

"Universities should ensure that everyone understands the impact of lax security and “messing around”, both through education campaigns and making it clear that there are real-world consequences for violating IT security policies, not to mention the law.

"Any threats are likely to be a combination of internal threats as well as external threats, where external attackers have managed to install malware on internal systems, and pivoting their attacks from the outside through internal systems. For example, if a Denial of Service attack seems to start and stop based on office hours, this could be down to a member of staff or a student turning their laptop or desktop computer on and off. The user of the computer may be entirely unaware of what is happening.

"Much like dealing with any other threat actor, it comes down to minimising risk through keeping systems up to date, enforcing strong security controls for both internal and external systems, and enforcing principles of least privilege. You cannot simply rely on a strong external perimeter; you have to harden all systems in anticipation of attacks from both the outside and the inside.”

The proportion of respondents reporting compulsory staff and student security awareness training has increased since 2017, but Jisc would like to see compulsory training for all staff and students. Of those taking part in this year’s survey, 55% of colleges provide compulsory staff security training and 31% insist students undertake a course. There is optional training for staff at 18% of responding colleges, and for students at 10%. But there is still room for improvement: 24% said there was no system of security awareness training for staff and 43% failed to teach students. 

John Chapman 2017 100x100Dr John Chapman, Head of security operations centre, Jisc, said:

"One of the most effective methods of discovering how good, or not, college defences are is to ask an independent expert to conduct a penetration test. Many more colleges have decided to do this in 2018 – only 14% don’t – than in 2017, when 41% did not test. And we are also pleased to note that colleges are far more interested in security assessments this year (76% up from 59% in 2017).

"We can draw the conclusion from this survey that colleges are taking cyber security seriously and acknowledge the risk of human error and the value of expert advice. However, there is still an air of complacency that needs addressing – colleges think they are in a better place than may in fact be the case."

The Jisc survey was conducted over six weeks from the end of March until the middle of May and collected responses from 49 colleges and 65 universities.

You may also be interested in these articles:

Advertisers

Newsroom Activity

Kerry Boffey added a new event 2 days ago

Introduction to Fellowship of Inspection Nominees

Join Kerry Boffey, founder of the Fellowship of Inspection Nominees (fin) for an informal session outlining fin support available to providers in...

  • Tuesday, 14 July 2020 02:00 PM
  • On-line. Longdon Hall, Longdon on Tern

Latest Education News

Further Education News

The FE News Channel gives you the latest education news and updates on emerging education strategies and the #FutureofEducation and the #FutureofWork.

Providing trustworthy and positive Further Education news and views since 2003, we are a digital news channel with a mixture of written word articles, podcasts and videos. Our specialisation is providing you with a mixture of the latest education news, our stance is always positive, sector building and sharing different perspectives and views from thought leaders, to provide you with a think tank of new ideas and solutions to bring the education sector together and come up with new innovative solutions and ideas.

FE News publish exclusive peer to peer thought leadership articles from our feature writers, as well as user generated content across our network of over 3000 Newsrooms, offering multiple sources of the latest education news across the Education and Employability sectors.

FE News also broadcast live events, podcasts with leading experts and thought leaders, webinars, video interviews and Further Education news bulletins so you receive the latest developments in Skills News and across the Apprenticeship, Further Education and Employability sectors.

Every week FE News has over 200 articles and new pieces of content per week. We are a news channel providing the latest Further Education News, giving insight from multiple sources on the latest education policy developments, latest strategies, through to our thought leaders who provide blue sky thinking strategy, best practice and innovation to help look into the future developments for education and the future of work.

In May 2020, FE News had over 120,000 unique visitors according to Google Analytics and over 200 new pieces of news content every week, from thought leadership articles, to the latest education news via written word, podcasts, video to press releases from across the sector.

We thought it would be helpful to explain how we tier our latest education news content and how you can get involved and understand how you can read the latest daily Further Education news and how we structure our FE Week of content:

Main Features

Our main features are exclusive and are thought leadership articles and blue sky thinking with experts writing peer to peer news articles about the future of education and the future of work. The focus is solution led thought leadership, sharing best practice, innovation and emerging strategy. These are often articles about the future of education and the future of work, they often then create future education news articles. We limit our main features to a maximum of 20 per week, as they are often about new concepts and new thought processes. Our main features are also exclusive articles responding to the latest education news, maybe an insight from an expert into a policy announcement or response to an education think tank report or a white paper.

FE Voices

FE Voices was originally set up as a section on FE News to give a voice back to the sector. As we now have over 3,000 newsrooms and contributors, FE Voices are usually thought leadership articles, they don’t necessarily have to be exclusive, but usually are, they are slightly shorter than Main Features. FE Voices can include more mixed media with the Further Education News articles, such as embedded podcasts and videos. Our sector response articles asking for different comments and opinions to education policy announcements or responding to a report of white paper are usually held in the FE Voices section. If we have a live podcast in an evening or a radio show such as SkillsWorldLive radio show, the next morning we place the FE podcast recording in the FE Voices section.

Sector News

In sector news we have a blend of content from Press Releases, education resources, reports, education research, white papers from a range of contributors. We have a lot of positive education news articles from colleges, awarding organisations and Apprenticeship Training Providers, press releases from DfE to Think Tanks giving the overview of a report, through to helpful resources to help you with delivering education strategies to your learners and students.

Podcasts

We have a range of education podcasts on FE News, from hour long full production FE podcasts such as SkillsWorldLive in conjunction with the Federation of Awarding Bodies, to weekly podcasts from experts and thought leaders, providing advice and guidance to leaders. FE News also record podcasts at conferences and events, giving you one on one podcasts with education and skills experts on the latest strategies and developments.

We have over 150 education podcasts on FE News, ranging from EdTech podcasts with experts discussing Education 4.0 and how technology is complimenting and transforming education, to podcasts with experts discussing education research, the future of work, how to develop skills systems for jobs of the future to interviews with the Apprenticeship and Skills Minister.

We record our own exclusive FE News podcasts, work in conjunction with sector partners such as FAB to create weekly podcasts and daily education podcasts, through to working with sector leaders creating exclusive education news podcasts.

Education Video Interviews

FE News have over 700 FE Video interviews and have been recording education video interviews with experts for over 12 years. These are usually vox pop video interviews with experts across education and work, discussing blue sky thinking ideas and views about the future of education and work.

Events

FE News has a free events calendar to check out the latest conferences, webinars and events to keep up to date with the latest education news and strategies.

FE Newsrooms

The FE Newsroom is home to your content if you are a FE News contributor. It also help the audience develop relationship with either you as an individual or your organisation as they can click through and ‘box set’ consume all of your previous thought leadership articles, latest education news press releases, videos and education podcasts.

Do you want to contribute, share your ideas or vision or share a press release?

If you want to write a thought leadership article, share your ideas and vision for the future of education or the future of work, write a press release sharing the latest education news or contribute to a podcast, first of all you need to set up a FE Newsroom login (which is free): once the team have approved your newsroom (all content, newsrooms are all approved by a member of the FE News team- no robots are used in this process!), you can then start adding content (again all articles, videos and podcasts are all approved by the FE News editorial team before they go live on FE News). As all newsrooms and content are approved by the FE News team, there will be a slight delay on the team being able to review and approve content.

 RSS IconRSS Feed Selection Page