Record numbers of colleges and universities are taking cyber security seriously, Jisc’s fifth annual cyber security posture survey suggests. Near all, 92pc of further education (FE) and 86pc of higher education (HE) respondents feel that cyber security is a strategic priority for senior managers.
Dr John Chapman, head of Janet policy and strategy at Jisc, said: “This is really encouraging and exactly the trend we want to see, but it’s still the case that not all colleges and universities are as well protected as they could be, which is concerning. The incidence of ransomware attacks against the sector has rocketed, with the same number of attacks in the first half of 2021 as in the whole of 2020, so we are pleased but not surprised that security is high on the agenda for the vast majority of Jisc members.
“Those organisations which do not take cyber security seriously probably won’t have the right processes and technical solutions in place to stop or mitigate an attack when it happens, and the impact could be devastating.”
Jisc provides digital services for UK unis and colleges. Ransomware, listed as the second biggest threat in 2020, is now first according to the survey; phishing is ranked second and accidental data breaches – those down to human error – is third. Jisc says that the survey suggests that steps are being taken to combat ransomware, however, including a sharp rise in the use of multi-factor authentication (MFA) – which can reduce the likelihood of a successful attack. Jisc advocates having it in place for all users and across all systems.
Most, 87pc of further and higher education (HE and FE) bodies have MFA for some or all staff, up by 15 and 23 per cent respectively on 2020. HE institutions deploying MFA for some or all students increased by 27 percent on 2020 to stand at 49pc. Most, 73pc of HE and 66pc of FE bodies require compulsory security awareness training for staff; broadly consistent with responses in 2020. And more institutions are going for cyber insurance: 47pc in HE and 72pc in FE organisations have some form of cyber security cover.
Event
Steve Kennett, Executive Director, e-Infrastructure & Senior information risk owner at Jisc is among speakers at the Association of Colleges’ conference on November 17 about ransomware attacks and the cyber threat landscape. Also speakers are from the UK official National Cyber Security Centre (NCSC); and Dundee and Angus College, which suffered a January 2020 cyber attack.
