Universities targeted by cyber criminals and state-sponsored hackers can fight back
With high numbers of students and visitors using multiple devices to access their networks and applications (and new users registering every year), universities face more problems than most when it comes to protecting their data and systems from cyber attacks. Hackers will target educational establishments because they are perceived to lack the budget and manpower to establish effective cyber security defences against unauthorised intrusion from both internal and external sources.
The rising target
Freedom of information requests submitted by journalists working for The Times newspaper in the UK found that cyber security breaches at institutions doubled in the two years up to November 2017. Over 1,150 attempted intrusions were recorded during the period, commonly involving ransomware, phishing and denial of service (DoS) attacks.
Some academics suspect state-sponsored hackers or criminals looking to sell on secrets were behind the attacks. They suspect this given the sensitive nature of the scientific, engineering and medical research being conducted at universities, often destined for use by the military and energy industry.
In February this year, the US Department of Justice charged nine Iranian hackers for their part in a three-year campaign. The campaign was designed to penetrate universities worldwide and steal more than 31TB of data (estimated to include more than US$3bn of intellectual property). State-sponsored activity was again suspected, originating from a Tehran-based organisation called the Mabna Institute, which was thought to have links with Iran’s Islamic Revolutionary Guard.
No university can ever guarantee immunity from all cyber attacks, but there are tools and processes that resident IT staff can put in place to minimise the chances of their data and systems being stolen or corrupted. For example, proper network segmentation can quarantine threats to stop them spreading further, whilst formal software patching and update protocols can make sure applications are protected by the latest upgrades.
Efficient identity and access management (IAM) tools can help with end-user authentication, alongside network traffic monitoring, which helps to identify suspicious traffic patterns that might indicate an attack is imminent or in progress.
As ever, education is paramount – the weakest link in the cyber security chain is often human, and students trained in good cyber security practice are often the best defence available.