With system breaches at universities doubling over the past two years, cyber-resilience is an increasing concern. In the first of two blog posts Kuldip Sandhu, Higher and Further Education Consultant, Innovative Quality Solutions looks at the challenges and considers solutions to strengthen defences
About 500,000 UK students start university every year, arriving full of high hopes and expectations. It is taken for granted that they will have easy access to institutional IT systems and have seamless wi-fi across the campus as they invariably do at home.
It is an enormous challenge for the IT departments at the UK’s 136 universities to successfully integrate the new arrivals and maintain the institutions’ cyber resilience. And the fact is, most first-year students are unlikely to have the experience of using similar large-scale IT systems so their role in helping keep them safe and secure only adds to the concerns in maintaining a robust, reliable and resilient ecosystem.
As the first heady days of university life are shared across social media with family, childhood friends and new friends; new followers are added to accounts, making students an easy target for social engineering or phishing by sophisticated cyber criminals.
This is where they can – potentially – become a vulnerability in the system, particularly as 90% of cyber-attacks succeed because of human error. A hacker can easily entice a “new friend” to click on a seemingly-innocuous post or link which gives them access to the system and an array of valuable and varied data. This could include personal and financial information of staff and students through to intellectual property and major research project findings.
Universities are increasingly seen as an attractive target. There has been a doubling of cyber-attacks in the last two years with 87% of IT leaders from 50 UK universities saying they experienced at least one successful cyber-attack on their system.
A successful cyber-attack can have a vast reaching impact beyond the loss of data. Like any business which suffers a breach, it can affect a university’s reputation and, therefore, potential income as it could become more difficult to attract organisations or Governments to join in partnerships or get involved in new and innovative research projects.
More crucially, damaged reputations can dissuade students who provide about 54% of UK universities’ income. So, the challenge is how to maintain an accessible ecosystem which is also cyber-resilient.
Students should be pre-prepared for their IT experience at university by having some initial awareness training as an integral part of their induction process. This is possible through on-line awareness training which is made available as soon as their university place is confirmed post-A-level results, so they arrive for Freshers Week ready and prepared.
Introducing RESILIA® Frontline, a GCHQ provider of cyber security and data protection awareness training:
As a suite of proven eLearning modules, each one takes 10 to 15 minutes to complete and covers the full spectrum of cyber risk including online safety, phishing, social media protection, protecting information and safe device use.
The training provides practical and jargon-free guidance and is supported by games, animations, audio stories and downloadable PDFs, helping to reinforce learnt behaviours. It has been deliberately designed in a way that engages people of all levels of understanding. The training is online-based, allowing easy integration into a universities existing IT systems, and there is a learning dashboard for administrators to measure and track progress.
The training gives students a clear understanding of the threats they face and helps them develop the right online behaviour required for effective cyber resilience. It also provides them with valuable skills and knowledge to carry through to the workplace after they graduate.
Furthermore, the modular approach of RESILIA Frontline provides universities with the opportunity to conduct refresher training over the course of a student’s education and form part of a university’s wider cyber-resilience programme. Something that would benefit universities when cyber-attacks and data breaches are getting more and more sophisticated.
Visit AXELOS.com/resilia-higher-education to request a free copy of the paper ‘Protecting the reputation of UK Higher Education with your most valuable defence: your people’, co-authored by myself and AXELOS Global Best Practice.
You can also speak to one of the RESILIA team or request a free live demo by visiting AXELOS.com/resilia-frontline.
About Kuldip Sandhu
Kuldip Sandhu is a Managing Director of Innovative Quality Solutions (IQS) and a C-level Digital / IT Transformation and Change Programme delivery specialist with 23+ years working in IT across public and private sectors internationally having worked for PwC, TCS, HP, Reuters and the UK MoD in the past.
Some of his clients have included: RBS, Citigroup, Aviva, Scottish Widows, Coventry City Council, University of London International Academy, UCAS, British Transport Police, Hogan Lovells LLP, University of Cambridge and Durham University.
He is passionate and excited about delivering digital/IT change to enhance the engagement of customers and to deliver efficiencies and improve IT maturity. He brings Digital and IT strategy development, IT best practice, implementation, delivery, and benefits management expertise.