First threat assessment for universities produced by National Cyber Security Centre

The threats facing the UK’s world-leading universities and the steps they can take to protect themselves are outlined in a new report from the National Cyber Security Centre (NCSC). The NCSC’s threat assessment aims to raise awareness of state-sponsored espionage targeting high-value research, as well as the risk of financial losses at the hands of cyber criminals.

While the NCSC has been working with the academic sector on an ongoing basis to improve security practices, this is the first threat assessment it has produced specifically for universities. The assessment notes that, while cyber criminals using methods such as phishing attacks and malware pose the most immediate and disruptive threat, the longer-term threat comes from nation states intent on stealing research for strategic gain.

To mitigate the risks, universities are encouraged to adopt security-conscious policies and access controls, as well as to ensure that potentially sensitive or high-value research is separated rather than stored in one area.

Measures to support universities have been outlined in Trusted Research from the Centre for the Protection of National Infrastructure and the NCSC, which offers accessible and actionable cyber security advice for university leaders, staff and researchers.

Sarah Lyons, deputy director for the economy and society at the NCSC, explained: “The UK’s universities are rightly celebrated for their thriving role in the area of international research and, indeed, their innovation collaborations. The NCSC’s assessment helps universities better understand the cyber threats they may face as part of the global and open nature of research and what they can do about it using a Trusted Research approach. The NCSC is working closely with the academic sector to ensure that, from wherever the threat might emanate, the sector is able to protect its research in cyber space.”

Easing the task for cyber attackers

The assessment found that, while allowing collaboration across international borders, the open and outward-looking nature of the universities sector also eases the task of a cyber attacker.

Among the examples highlighted in the assessment was an attack from last year attributed to Iranian actors in which they were able to steal the credentials of their victims after directing them to fake university websites.

The attack took place across 14 countries, including the UK, and many of the fake pages were linked to university library systems, indicating the actors’ appetite for this type of material.

The assessment also highlights the financial damage which can be caused by cyber attacks on UK universities, citing previous figures from UK Finance which estimated that UK university losses from cyber crime for the first half of 2018 were £145 million.

*The threat assessment for universities can be read here with a blog post also discussing the research in detail

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts