Almost 50 University networks in the UK were able to be hacked into, via sophisticated spear-phishing attacks, according to a recent article.
This was orchestrated by ‘ethical hackers’, as part of a test by the Higher Education Policy Institute, as well as JISC (a digital support service for higher education).
In some cases, the attacks took under an hour. As a result, this enabled hackers to look into personal information of both staff and students. It also allowed the ethical-hackers to access financial records, intellectual property and sensitive research data.
According to another article, there are currently 154 Universities and Higher Learning Institutions in the UK, and over 2 million undergraduates and postgraduates enrolled at the Universities. The implications of hackers succeeding could have long-lasting and serious effects on the universities affected.
A BBC article outlines some of the consequences, including disastrous data breaches and network outages. The head of Jisc, Dr John Chapman stated: “Cyber-attacks are becoming more sophisticated and prevalent and universities can’t afford to stand still in the face of this constantly evolving threat”.
Spear-phishing attacks are increasingly becoming more sophisticated. Hackers often use an email, pretending to be somebody that the victim knows, for example, a professor at their university. There will be a link that sends the victim to a website that will either drop malware or steal sensitive information.
As a result of the successful hacking, a research paper was written- outlining strategies that the universities can take to prevent possible future hacking.
The list includes: knowing where data is stored, knowing who has access to the data and being confident systems are up-to-date. It was also recommended that both students and staff are trained in security awareness, and incident response plans should be in place; as well as developing strong cybersecurity policies.