Universities and colleges told to prepare for a wave of cyber attacks
Education providers should instal safeguards ahead of new term start, warns UK security agency
Universities and colleges are being warned of a rising number of cyber attacks that could threaten the start of term.
The alert from the National Cyber Security Centre (NCSC) follows an investigation into a recent spate of attacks on colleges and universities around the country, including ransomware attacks that disrupted Newcastle and Northumbria universities at the start of September.
The NCSC is recommending that organisations implement a 'defence in depth' strategy to protect against the threat of malware. This approach recommends the use of a layered system of security measures with multiple defence mechanisms ready to step in if one is compromised.
Organisations are also being advised to implement an incident response plan, which should include a scenario for a ransomware attack that has been fully exercised.
"This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible," said Paul Chichester, director of operations at the NCSC.
"While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted."
2020 email security strategy guide
A people-centric approach to stopping malware, phishing, and email fraudDownload now
The NCSC's investigation began in August, shortly after cloud service provider Blackbaud notified its customers that it had been hit by ransomware, a clientele that is mostly made up of non-profit organisations and education providers. A number of universities and colleges were reported to have lost data in the attack.
At the start of September, Northumbria University was forced to cancel exams and shut down its clearing hotline after a cyber attack. This was swiftly followed by a similar incident at Newcastle University, which forced a number of online support services offline.
Ahead of the new academic year, with students returning to universities and colleges under social distancing measures, the NCSC has issued a set of security recommendations. These include an effective vulnerability management and patching procedure, the use of multi-factor authentication, the scrapping of scripting environments and macros, and the installation of antivirus software to prevent phishing.
Navigating the new normal: A fast guide to remote working
A smooth transition will support operations for years to comeDownload now
Leading the data race
The trends driving the future of data scienceDownload now
How to create 1:1 customer experiences at scale
Meet the technology capable of delivering the personalisation your customers craveDownload now
How to achieve daily SAP releases
Accelerate the pace of SAP change to support your digital strategyDownload now