Class clown hackers cost education sector millions

The threats facing the UK’s world-leading universities and the steps they can take to protect themselves are outlined today (18 Sept) in a report from the National Cyber Security Centre (NCSC), a part of GCHQ.

The NCSC’s threat assessment aims to raise awareness of state-sponsored espionage targeting high-value research, as well as the risk of financial losses at the hands of cyber criminals.

While the NCSC has been working with the academic sector on an ongoing basis to improve security practices, this is the first threat assessment it has produced specifically for universities.

The assessment notes that while cyber criminals using methods such as phishing attacks and malware pose the most immediate, disruptive threat, the longer-term threat comes from nation states intent on stealing research for strategic gain.

To mitigate the risks, universities are encouraged to adopt security-conscious policies and access controls, as well as to ensure potentially sensitive or high-value research is separated rather than stored in one area.

Measures to support universities have been outlined in Trusted Research, from the Centre for the Protection of National Infrastructure (CPNI) and the NCSC, which offers accessible and actionable cyber security advice for university leaders, staff and researchers.

Sarah Lyons, Deputy Director for Economy and Society at the National Cyber Security Centre, said:

“The UK’s universities are rightly celebrated for their thriving role in international research and innovation collaborations.

“The NCSC’s assessment helps universities better understand the cyber threats they may face as part of the global and open nature of research and what they can do about it using a Trusted Research approach.

“NCSC is working closely with the academic sector to ensure that, wherever the threat comes from, they are able to protect their research and their universities in cyberspace.”

The assessment found that the open and outward-looking nature of the universities sector, while allowing collaboration across international borders, also eases the task of a cyber attacker.

Among the examples highlighted in the assessment was an attack from last year attributed to Iranian actors in which they were able to steal the credentials of their victims after directing them to fake university websites.

The attack took place across 14 countries, including the UK, and many of the fake pages were linked to university library systems, indicating the actors’ appetite for this type of material.

The assessment also highlights the financial damage which can be caused by cyber attacks on UK universities, citing previous figures from UK Finance which estimated that UK university losses from cyber crime for the first half of 2018 were £145m. 

Advertisement

Universities across the globe fail to learn the importance of cybersecurity

The state of Louisiana recently declaring a state of emergency after three malware attacks on schools and the University of York’s data breach, both highlight the issue of security in the education sector.

New research shows universities suffer over five devastating cyber attacks a semester.

Research by network protection experts, EfficientIP, and IDC found 86% of education sector respondents experienced under the radar Domain Name System (DNS) attacks in the past year, the second-highest across all sectors after government.

The research also revealed:

  • Organisations in the education sector suffered on average of 11 attacks last year, each costing $670,000 – resulting in an annual toll of $7,370,000.
  • 50% of organisations suffered compromised websites, high above the global average of 45% organisations experiencing this.
  • 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services.

EfficientIP, whose technology is used by Manchester Metropolitan University and Leeds Beckett University, surveyed 900 security experts from nine countries across North America, Europe and Asia. The report found the education sector is failing to invest in its own security. 

DNS security veteran Ronan David, VP of Strategy at EfficientIP, knows the devastating impact DNS attacks can have on the education sector. 

Education sector not taking $7,370,000/year cyber threat cost seriously

Universities fail to learn the importance of cybersecurity, suffering over five devastating cyber attacks a semester 

EfficientIP, specialists in DNS security for service continuity, user protection and data confidentiality, revealed the education sector is one of the most heavily targeted industries by cyberattacks in its 2019 Global DNS Threat Report. Research by EfficientIP and IDC found 86% of education sector respondents experienced under the radar Domain Name System (DNS) attacks in the past year, the second-highest across all sectors after government.

Surveying 900 security experts from nine countries across North America, Europe and Asia, the report found the education sector is failing to invest in its own security. Organisations suffered an average of 11 attacks last year, each costing $670,000 – resulting in an annual toll of $7,370,000. 

The research also revealed half of the DNS attacks education institutions experienced last year were phishing-based. These attacks have devastating impacts for education organisations. These can range from in-house application downtime, affecting 66%, to compromised websites: 50%, high above the global average of 45% organisations experiencing this.

If education institutions are going to properly protect themselves and students enrolled, they need smarter countermeasures. 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services, a further 64% shutting down affected processes and connections. Pulling the plug might help stop attacks, but it’s a blunt instrument attempting to stop increasingly sophisticated threats. Smarter DNS monitoring, analysis and threat intelligence are needed to identify these threats before they begin, and quarantine attacks without taking entire servers offline, disrupting normal service.

Education has fallen behind healthcare, retail and other industries with only 22% of education institutions surveyed prioritising monitoring & analyzing DNS traffic to meet the compliance requirements of data regulations such as GDPR. In addition, with the lowest adoption of network security policy management automation, 8%, education is beginning to fall behind in too many key areas to quickly catch up.

David Williamson, CEO of EfficientIP, commented:

“Hackers are always looking for an easy way in, so it is disappointing the education sector is failing to invest in security despite universities and education facilities being a clear priority for hackers. When students and professors trust their institutions with sensitive personal information and intellectual property this paints a big target on universities’ backs and makes them responsible for safeguarding it.

We live in an era of governments declaring a state of emergency and officially involving themselves with cyberattacks on schools. Reaching this point means the education sector’s problems are escalating. Education organisations need to be more proactive, fully embracing DNS security. Otherwise, application downtime and the loss of sensitive and confidential  data will keep damaging their reputations, alienating prospective students.”

You may also be interested in these articles:

Register, Login or Login with your Social Media account:


Advertisers

Latest Education News

Further Education News

The FE News Channel gives you the latest education news and updates on emerging education strategies and the #FutureofEducation and the #FutureofWork.

Providing trustworthy and positive Further Education news and views since 2003, we are a digital news channel with a mixture of written word articles, podcasts and videos. Our specialisation is providing you with a mixture of the latest education news, our stance is always positive, sector building and sharing different perspectives and views from thought leaders, to provide you with a think tank of new ideas and solutions to bring the education sector together and come up with new innovative solutions and ideas.

FE News publish exclusive peer to peer thought leadership articles from our feature writers, as well as user generated content across our network of over 3000 Newsrooms, offering multiple sources of the latest education news across the Education and Employability sectors.

FE News also broadcast live events, podcasts with leading experts and thought leaders, webinars, video interviews and Further Education news bulletins so you receive the latest developments in Skills News and across the Apprenticeship, Further Education and Employability sectors.

Every week FE News has over 200 articles and new pieces of content per week. We are a news channel providing the latest Further Education News, giving insight from multiple sources on the latest education policy developments, latest strategies, through to our thought leaders who provide blue sky thinking strategy, best practice and innovation to help look into the future developments for education and the future of work.

In May 2020, FE News had over 120,000 unique visitors according to Google Analytics and over 200 new pieces of news content every week, from thought leadership articles, to the latest education news via written word, podcasts, video to press releases from across the sector.

We thought it would be helpful to explain how we tier our latest education news content and how you can get involved and understand how you can read the latest daily Further Education news and how we structure our FE Week of content:

Main Features

Our main features are exclusive and are thought leadership articles and blue sky thinking with experts writing peer to peer news articles about the future of education and the future of work. The focus is solution led thought leadership, sharing best practice, innovation and emerging strategy. These are often articles about the future of education and the future of work, they often then create future education news articles. We limit our main features to a maximum of 20 per week, as they are often about new concepts and new thought processes. Our main features are also exclusive articles responding to the latest education news, maybe an insight from an expert into a policy announcement or response to an education think tank report or a white paper.

FE Voices

FE Voices was originally set up as a section on FE News to give a voice back to the sector. As we now have over 3,000 newsrooms and contributors, FE Voices are usually thought leadership articles, they don’t necessarily have to be exclusive, but usually are, they are slightly shorter than Main Features. FE Voices can include more mixed media with the Further Education News articles, such as embedded podcasts and videos. Our sector response articles asking for different comments and opinions to education policy announcements or responding to a report of white paper are usually held in the FE Voices section. If we have a live podcast in an evening or a radio show such as SkillsWorldLive radio show, the next morning we place the FE podcast recording in the FE Voices section.

Sector News

In sector news we have a blend of content from Press Releases, education resources, reports, education research, white papers from a range of contributors. We have a lot of positive education news articles from colleges, awarding organisations and Apprenticeship Training Providers, press releases from DfE to Think Tanks giving the overview of a report, through to helpful resources to help you with delivering education strategies to your learners and students.

Podcasts

We have a range of education podcasts on FE News, from hour long full production FE podcasts such as SkillsWorldLive in conjunction with the Federation of Awarding Bodies, to weekly podcasts from experts and thought leaders, providing advice and guidance to leaders. FE News also record podcasts at conferences and events, giving you one on one podcasts with education and skills experts on the latest strategies and developments.

We have over 150 education podcasts on FE News, ranging from EdTech podcasts with experts discussing Education 4.0 and how technology is complimenting and transforming education, to podcasts with experts discussing education research, the future of work, how to develop skills systems for jobs of the future to interviews with the Apprenticeship and Skills Minister.

We record our own exclusive FE News podcasts, work in conjunction with sector partners such as FAB to create weekly podcasts and daily education podcasts, through to working with sector leaders creating exclusive education news podcasts.

Education Video Interviews

FE News have over 700 FE Video interviews and have been recording education video interviews with experts for over 12 years. These are usually vox pop video interviews with experts across education and work, discussing blue sky thinking ideas and views about the future of education and work.

Events

FE News has a free events calendar to check out the latest conferences, webinars and events to keep up to date with the latest education news and strategies.

FE Newsrooms

The FE Newsroom is home to your content if you are a FE News contributor. It also help the audience develop relationship with either you as an individual or your organisation as they can click through and ‘box set’ consume all of your previous thought leadership articles, latest education news press releases, videos and education podcasts.

Do you want to contribute, share your ideas or vision or share a press release?

If you want to write a thought leadership article, share your ideas and vision for the future of education or the future of work, write a press release sharing the latest education news or contribute to a podcast, first of all you need to set up a FE Newsroom login (which is free): once the team have approved your newsroom (all content, newsrooms are all approved by a member of the FE News team- no robots are used in this process!), you can then start adding content (again all articles, videos and podcasts are all approved by the FE News editorial team before they go live on FE News). As all newsrooms and content are approved by the FE News team, there will be a slight delay on the team being able to review and approve content.

 RSS IconRSS Feed Selection Page