In the last two years, higher education institutions in the UK have been key targets for cyber attacks, posing a significant threat to teaching standards and the protection of scientific data. In recent years, high-profile attacks on UK universities have brought the education industry on high alert.
Cyber-attackers are aware of the large amount of online communications that take place between students, faculty, university staff, and other campus guests, and use social engineering techniques such as phishing emails to trick users into sharing sensitive information. including the magazine. in detail, for hacking university networks and data theft.
In addition, they may use extortionists, a type of malware that accesses a device or corporate network and threatens to publish the personal data of the victim or organization to block access to the network until a rescue fee is paid.
To help the country protect itself from these threats, the UK government has introduced essentials in cyber: A framework to help any public or private sector organization improve its cybersecurity position. The goal of the scheme is to certify organizations that are well protected and provide them with the necessary assessments to make the most of their cybersecurity investments. With the recent attacks reminding universities of the importance of cyber defense, it’s time to pay attention to it.
Threats of the era of distance learning
As a result of the pandemic, distance learning has become commonplace for the first time. Prior to the health crisis, students, faculty, and administrative staff met on campus daily, with relatively few exceptions. But the simultaneous transition to frequent distance or hybrid learning has brought with it a wider range of cyber threats.
More than ever, countless end devices, such as computers or smartphones connected to the network, are being distributed at every university across the country, and thousands of students are connecting remotely from personal devices and home Wi-Fi networks. This decentralized IT infrastructure can open up security gaps that present new opportunities for attackers.
As a result, a wave of cybercrime is breaking out on British educational institutions, and criminals are developing sophisticated digital attacks to steal intellectual property. For example, This was recently announced by Salford University Chief Information Officer Mark Wantling His institution’s research on vaccinations was specifically directed during the pandemic.
It is therefore important that higher education institutions use the foundations of cybernetics to develop cybersecurity strategies that ensure the safety of the learning environment and ensure the proper protection of their intellectual assets, but this requires overcoming some significant obstacles.
Technological problems associated with distance learning
Due to the nature of the new decentralized IT infrastructure, universities may not have full visibility of all their assets and, as a result, will not be aware of any devices connected to their network that may have vulnerabilities.
This lack of visibility often results in educational institutions having difficulty applying software patches and detecting problematic devices in a timely manner, making it difficult to reduce IT risks. In the event of an attack, these agencies are unlikely to be able to respond quickly enough to prevent harm – a situation that could have been easily avoided by implementing comprehensive endpoint security.
By deploying these tools, data can be automatically collected at all endpoints, allowing laptops to create policy decisions and install software updates and fixes as soon as they are needed. For example, using Tanium for visibility and endpoint control, Salford University transformed its position of risk and incident response capabilities by reducing missing software patches by more than 99%: from more than 38,000 to almost zero.
However, technological problems are not the only thing holding back universities.
The task of skills
At the same time, higher education institutions are also struggling to retain skilled IT talent due to lack of funding and resources. IT professionals are often offered better conditions in private companies, such as higher pay and benefits, which often tempts the best talent to jump off the ship.
For this reason, university IT teams often lack resources, are overburdened and understaffed. As a result, they find it difficult to manage complex IT ecosystems and need additional support that can be provided by implementing endpoint visibility tools to improve their overall position in cybersecurity.
Meeting with cybernetics
Due to the complexity of a typical university IT network, it is necessary for IT teams to start using security strategies that allow them to follow the government’s cybernetics scheme. This means they need to use tools that can create an inventory of all assets in an institution in real time by checking IT assets for real-time threats.
Cyberattacks pose a constant threat to the learning and security of intellectual data, while distance learning poses new technological challenges and risks. This is why educational institutions need to establish strong controls and security management strategies, using a cyber-based scheme to help them along the way.
Ultimately, the university’s security strategy should focus on protecting the two most important areas: student learning and research data. To follow the cyber-basics checklist and achieve cyber-hygiene – a set of practices to ensure critical data control and network security – it is important to implement strong endpoint management strategies. This ensures that universities will be in a good position to prevent cyber attacks by the end of 2022 and beyond.
Kirk Bellerby is the Director and Head of British Higher Education at Tanium.