The Higher Education Policy Institute (HEPI)
and the education sector’s technology not-for-profit, Jisc,
have today jointly published How safe is your data?
Cyber-security in higher education (Policy Note 12).
The paper reveals:
-
under penetration testing, there is a 100 per cent track
record of gaining access to higher education institutions’
high-value data within two hours;
-
173 higher education providers engaged with Jisc’s
Computer Security Incident Response Team (CSIRT)
in 2018 (a 12 per cent increase); and
-
during 2018, there were more than 1,000 Distributed
Denial of Service (DDoS) attacks detected at 241 different UK
education and research institutions.
The paper highlights areas of concern, pinpoints the
sources of cyber attacks and proposes specific actions
universities should take to tackle the issue, including the
adoption of a new British Standard
on cyber risk and resilience.
Dr John Chapman, Head of Jisc’s Security Operations Centre
and the author of the report, said: “Cyber attacks are becoming
more sophisticated and prevalent and universities can’t afford to
stand still in the face of this constantly evolving
threat.
“While the majority of higher education providers take this
problem seriously, we are not confident that all UK universities
are equipped with adequate cyber-security knowledge, skills and
investment.
“To avert a potentially disastrous data breach, or network
outage, it is critical that all university leaders know what
action to take to build robust defences.”
, Director of the Higher
Education Policy Institute, said: “Universities hold masses of
data on sensitive research, on the inventions of the future and
on their staff and students, but some of it is not properly
secured.
“The two main functions of universities are to teach and to
research. Students like having their personal data used to
improve teaching and learning. But this support is conditional
and is unlikely to survive a really serious data breach.
Meanwhile, future UK economic growth is highly dependent on
university research. This provides valuable information that a
few unscrupulous foreign governments are keen to access.
“Despite the challenges, cyber security is an area where we
know how to make a difference, especially when there is
leadership from the top. University managers and governors need
to address cyber-security issues, including through the new
British Standard on Cyber risk and resilience.
Meanwhile, regulators need to consider imposing minimum
cyber-security and network requirements to keep students and
staff safe.”
Professor David Maguire, Chair of Jisc and Vice-Chancellor
of the University of Greenwich, said: “Universities are
absolutely reliant on connectivity to conduct almost all their
functions, from administration and finance to teaching and
research. These activities accrue huge amount of data; this
places a burden of responsibility on institutions, which must
ensure the safety of online systems and the data held within
them.
“Developing strong cyber-security policies is vital not
only to protect data, but also to preserve the reputation of our
university sector. The HEPI / Jisc paper will help to
draw higher education leaders’ attention to this important aspect
of their work.”
Notes for Editors
-
Jisc is a not-for-profit organisation providing the UK’s
national research and education network, Janet, to which all
universities and research centres are connected. It also
supplies other technology solutions for its further and higher
education members. Jisc is funded by the UK higher and further
education and research funding bodies and member institutions.
Jisc’s vision is for the UK to be the most digitally advanced
education and research nation in the world. For further
information, see www.jisc.ac.uk.
