For some, meaningful investment in cyber security only comes after some breach or incident. Prevention is always better than – and cheaper than – a cure. Hence a plea by Jisc, the UK body that serves higher education with cyber and other services such as the Janet IT network, for all senior leaders to engage with cyber security.
Technical managers need the support of vice chancellors, principals and their board members, who ought to have oversight and take responsibility for cyber security as a strategic priority, says Dr John Chapman, Head of Janet policy and strategy, at Jisc. In a blog, he introduces Jisc’s cyber impact report first published in November 2020 and this month revised (32-page pdf on this link) and updated to include anonymised case studies of more recent incidents that underline the increased threat of ransomware attacks.
In the 18 months between reports, the main development has been the sustained increase in ransomware attacks, he writes: 15 further education (FE) and higher education (HE) organisations were impacted by ransomware in 2020, a further 18 in 2021, and at least three so far in 2022. More than 100 UK schools have also been affected.
Ransomware attacks have evolved with more threat actors applying ‘double extortion’ methods, demanding a ransom to provide a decryption key and threatening to make sensitive data public if the ransom isn’t paid. There have also been instances where attackers have sought out back-ups, to hamper recovery and apply further pressure.
Despite financial constraints, it’s not all bad news in the report; it hails leadership awareness of cyber attacks as increased tremendously over the last few years and particularly since the covid-19 pandemic (that as in other fields, brought cyber and IT more to the fore as staff and students worked and learned remotely, using tech that had to be secure). A mass migration to remote working inadvertently opened institutions to attack by implementing insecure remote access, the report says; though institutions did speed up the bringing in of MFA (multi-factor authentication) as a control.
Institutions are becoming more prepared, the report states. “However, our work has concluded that it is a case for all institutions of when an incident or a breach will occur and not if one will occur,” it adds.
Over the past few years, Jisc’s computer security incident response team (Jisc CSIRT), has handled between 5,000 and 6,000 incidents and queries a year. Who’s posing the threats? State sponsored actors, cyber criminals, disgruntled students, and opportunists, according to the report – ‘potentially at the same time’. General cyber-crime activity is affecting the education sector in the same way other industries, but attacker reconnaissance can also lead to ‘highly refined operations’, the report says.
And as for when, the report says that threat actors frequently launch attacks at times when staff are less likely to be ready to detect and respond, such as during evenings, weekends and holidays; something Jisc’s CSIRT is ‘painfully aware of’, as the report puts it. Few institutions have so far appointed a chief information security officer (CISO) role.
More at the Jisc website: https://www.jisc.ac.uk/blog/latest-cyber-impact-report-underlines-ransomware-as-a-huge-threat-20-apr-2022.
June event
What is the new normal now students and researchers have returned to campus? How far along are you on your digital transformation? Those are questions ahead of a Jisc event at Nottingham Trent University (NTU) on June 8 to 10.
