UK Universities Are a Prevailing Target of Cyber Criminals
by Raymund Taylan, Senior Security Advisor
29 July 2020
More than half of surveyed universities reported a data breach to the Information Commissioner’s Office (ICO) in the last 12 months. This is one of the key findings of a recent research report shared on Redscan’s website. The report is based on Freedom of Information (FOI) requests sent to 134 universities across the UK, of which 83 responded.
According to The National Cyber Security Centre (NCSC), UK universities are targets of financially motivated cybercriminals due to their research data, intellectual property and other assets that can be used by perpetrators to gain an advantage over their international rivals.
A closer look at the report reveals that 20% of surveyed universities are not Cyber Essentials or Cyber Essentials Plus certified. Cyber Essentials is a government scheme backed by the NCSC to help organisations improve their cyber maturity by having security controls and visibility in place to protect their estate from cyber-attacks.
Having visibility and control over an organisation’s assets is crucial. System monitoring and security controls must be managed and attended by qualified personnel to ensure appropriate actions are carried out in the event of system failure or cyber-attack.
Having qualified personnel in the organisation is one of the keys to keeping cyber risk low across the estate. The FOI requests show that each university employs, on average, three qualified cyber security professionals. Given the global shortage of cyber security professionals, organisations should start building strategic plans for how cyber security personnel can be supported, upskilled, and employed long term.
Keeping visibility and control over university assets is one of the keys to keeping the risk level low. To maintain this, it is recommended to have qualified personnel who receive continuous cyber security training and who enforce security awareness among users, who are common targets of cyber-attacks.