In a second blog post looking at the cyber resilience challenge in the further and higher education market, Kuldip Sandhu of Innovative Quality Solutions considers the responsibilities academic and administrative staff have in helping to beat the hackers.
Universities have become a hunting ground for unscrupulous hackers. Recently the Cobalt Dickens hacking group, which is linked to the Iranian government, was revealed to be behind an attempt to breach the systems of 76 universities in 14 countries. This included a number in the UK in the Times Higher Education Top 50 as well as others across Europe, the US and Asia.
This came just six months after the US Department of Justice charged nine Iranian hackers with attacking more than 300 universities around the world. This attack succeeded in duping 8,000 academics into responding to a phishing email and saw the group access 15 billion pages of academic projects.
These projects often include cutting-edge research and lucrative intellectual property, which is why the further and higher education sector is so attractive to the hackers. They see potential riches – not a surprise when the Economist magazine reports that data is now the world’s most valuable commodity.
In my last blog post I examined the importance of helping students understand their role in cyber resilience. However, the thwarted attacks give a stark reminder as to why it is so important for academic and administrative staff to have the right online behaviours. They use technology as an enabler to manage personal information, carry out experiments and collate data. So it has never been more vital to understand good online behaviours.
University staff have to know what their responsibilities are in keeping their institution’s IT system resilient, particularly as 90% of cyber breaches are caused by human error. According to a recent KPMG/Harvey Nash report, education is the worst-affected sector for cybercrime.
Beating the threats is made even more complex as the majority of colleges and universities operate with clear distinctions between departments and faculties with little crossover and often on different sites, sometimes miles apart.
That is why it is important to have clear guidelines about staff’s online behaviours, particularly as any breach has the potential to inflict reputational and financial damage on the institution. It is also likely that research projects will involve academic and research staff working with industry partners, even other universities, which creates “weak spots” – so it is vital everybody understands how to keep the IT system secure.
Cyber resilience training should therefore be mandatory, and all modules should be completed; otherwise, being locked out of IT systems could be a consequence.
RESILIA® Frontline provides the perfect tools: a suite of proven e-learning modules designed to be integrated easily into a university’s existing IT system. Each module takes ten to 15 minutes to complete and covers the full spectrum of cyber risk including online safety, phishing, social media protection, protecting information and safe device use. It includes a learning dashboard for administrators to measure and track progress.
The reality is that a cyber breach could be just a mouse click away, and the evidence shows one in three universities face hourly attempts, so it is unlikely the threat is going away soon.
Putting the right awareness training in place for staff and students alike will help to thwart the unscrupulous and protect reputations.
Visit AXELOS.COM/resilia-higher-education to request a free copy of the paper ‘Protecting the reputation of UK Higher Education with your most valuable defence; your people’, which I co-authored with AXELOS Global Best Practice.
You can also speak to one of the RESILIA team or request a live demo by visiting AXELOS.com/resilia-frontline.
Read Kuldip Sandhu's previous AXELOS blog post, ‘Universities need to meet student challenge for cyber resilience’.