Increase in cyber security attacks requires a sector-wide strategic response

Cyber security attacks are on the rise. Henry Hughes, Director of Security at Jisc, offers several preventative approaches and reactive defences to help strengthen our universities against cyber crime.

Cyber attacks in the education sector

So far during 2021, nine further education colleges and six universities across the UK have been hit by an unprecedented wave of ransomware attacks. This compares to 15 tertiary providers that were hit by this kind of attack during the whole of 2020.

The immediate impact for some victims has been devastating. Organisations have been taken offline for weeks, their systems and services crippled, their data irrecoverable.

The longer-term impact can extend over weeks or months, with heavy implications for staff time and resources. Yet, our recent Jisc cyber impact report suggests the full impact is difficult to measure and may never be fully known.

Jisc supports the sector by protecting members’ connections to the Janet Network and providing a range of cyber security services and advice. However, it is essential that senior leaders at individual member organisations take ownership of their security postures, too.

A sector-wide strategic response is crucial.

Admittedly, education institutions are no more, or less, at risk of cyber crime than any other connected organisation. But it’s definitely a case of when, not if, so robust preparation is essential.

Protecting the education sector from cyber attacks

An effective security and cyber resilience strategy comprises many components. It encompasses both preventative measures, designed to stop incidents from occurring, and responsive defence measures, which will ensure attacks and incidents are addressed effectively and efficiently.

Preventative approaches include:

  • Patching strategies and policies – make sure systems are kept up to date, addressing both known and future vulnerabilities as they are identified.
  • Multi-factor authentication – when an additional ‘factor’ is required alongside a username and password to log in, account compromise is much more difficult.
  • Regular, compulsory security awareness training – this promotes a positive security culture amongst staff and students.
  • Regular rehearsal and testing for readiness – this helps identify gaps and shortcomings. It’s better to discover these during an exercise rather than during an attack.

Reactive defences include:

  • Incident reporting, and response processes and procedures – these ensure that everyone knows how to report, and what they should do in the event of an incident or attack.
  • Backup/restore arrangements – these are the foundation of all recovery efforts. It is essential that isolated off-site backup arrangements are in place to allow recovery from any ransomware attack or a business continuity incident.

Cyber attack resources for leaders

The National Cyber Security Centre (NCSC) provides accessible, comprehensive, and free resources to help senior leaders assess readiness in the event of an incident or attack:

Exercise in a Box provides a range of structured resources, scenarios, and exercises to help plan and rehearse an organisation’s response to attacks and incidents.
The NCSC Board Toolkit and the Jisc cyber impact report encourage and facilitate essential cyber security discussions between boards and their technical experts. This helps them to effectively work together to establish and maintain a strong security posture.

You can find more information on the Jisc cyber security pages, and at our Jisc security conference on 9 to 11 November 2021, which is free for Jisc members.

Henry Hughes is the Director of Security at Jisc.