A recent study carried out by VMware and Dell EMC, has confirmed that UK universities are struggling to keep their sensitive data safe.
The study, which was conducted between November and December 2018, included 75 senior IT leaders at 68 universities. 49% of universities said that a cyber-attack is attempted on their institution daily or more than once a week, with 49% stating that their overall security practices need to be more robust to compensate for the lack of IT investment.
In most cases, hackers were looking to steal research data. Of the research data that was stolen, as much as 93% of it was commissioned by the Government and almost 33% of it was related to national security. Not only does this present a threat to national security, but it will also affect the universities’ income.
On average, UK universities generate £22m per year for their research, which benefits both the Government and the British economy. As such, it is crucial that universities do everything they can to protect this data.
Insiders Continue to Be the Problem
It should be noted that a large number of security incidents affecting UK universities are carried out by insiders, whether intentional or not. According to the above report, “half of respondents believe professors/teaching staff and students are most likely to be the causes of data breaches”.
Jisc – a non-profit organization who offers IT related advice and services to UK universities – was required to conduct a security analysis of universities in order to gain insights into how their security defenses could be improved. The analysis found that “the number of attacks decreases dramatically” when the holidays begin, thus suggesting that the attacks are either initiated or propagated by insiders.
Jisc was also commissioned to carry out penetration tests to see how well universities would fare in the event of an attack. Of the 50 universities that were involved in the tests, all of them failed to adequately safeguard their sensitive data. In each case, the “ethical hackers” were able to obtain “high-value” data within two hours, with some failing the tests on multiple occasions. The most effective approach to accessing sensitive data was through “spear phishing”, where the hackers – masquerading as a known or trusted entity – target specific students and staff members in order to extract confidential data or convince them to install a malicious program.
What Can Be Done?
According to Dr John Chapman, head of security operations for Jisc, “It’s notoriously difficult to identify individual cyber-criminals”. While this may be true to an extent, they should at least be able to carry out a forensic analysis to identify any correlation between type of attack that took place, and the events that took place around that time.
For example, they should be able to quickly identify who had access to the data that was breached, when the data was accessed, and why. A failure to obtain such information in a timely manner will no doubt make it difficult to identify the culprits. While it is understandable that universities are required to operate on a tight budget, these days there are large number of affordable technologies that can make the process a lot easier.
A sophisticated Data Security Platform that makes use of DCAP (Data-Centric Audit & Protection) solution will enable IT teams to monitor important events, such as changes made to user account privileges, and access to files and folders containing sensitive data.
They can receive real-time alerts and detailed reports, and even detect and respond to events that match a pre-defined threshold condition, such as multiple failed login attempts or bulk file encryption. IT administrators can view an immutable list of all changes via an intuitive console, thus enabling them to quickly identify the cause of the breach, whilst ensuring that they are compliant with the relevant regulations.