Over the past two years, higher education institutions in the UK have been key targets for cyber attacks, posing a significant threat to scientific learning standards and data protection. In recent years, high-profile attacks on British universities have put the education sector on alert.
Cyber attackers are aware of the high volume of online communications that pass between students, professors, university staff and other campus guests and use social engineering techniques such as phishing emails, where the goal is to trick users into sharing sensitive information including the registry in detail, to hack university networks and steal data.
Alternatively, they can use ransomware, a type of malware that accesses a device or corporate network and threatens to publish the victim’s or organization’s private data, to block network access until a fee is paid. rescue.
To help the country protect itself from these threats, the UK government has introduced cybernetic: a framework to help any public or private sector organization improve its cybersecurity posture. The goal of the scheme is to certify well-protected organizations and provide them with the necessary assessments to make the most of their cybersecurity investments. With recent attacks clearly reminding universities of the importance of cyber protection, it is time for the industry to notice.
Threats of the age of distance learning
Following the pandemic, distance learning became commonplace for the first time. Before the health crisis, students, professors and administrative staff gathered on campus on a daily basis, with relatively few exceptions. But the overnight shift to frequent or hybrid remote learning has brought with it a wider range of cyber threats.
More than ever, an inexplicable number of endpoint devices, such as computers or smartphones connected to a network, are spread across the country in every university, with thousands of students connected remotely by household appliances and home wi-fi networks. This decentralized IT infrastructure can open security gaps that present new opportunities for attackers.
As a result, a wave of cybercrime is hitting British educational institutions and criminals are developing sophisticated digital attacks to steal intellectual property. For instance, Salford University chief information officer Mark Wantling recently revealed his institute’s research data on vaccinations were specifically targeted during the pandemic.
It is therefore imperative that higher education institutions use cyber essentials to develop cybersecurity strategies that protect learning environments and ensure their intellectual assets are adequately protected, but to do so there are some significant hurdles to overcome.
Technological challenges associated with distance learning
Due to the nature of the new decentralized IT infrastructure, universities may not have complete visibility into all of their assets and, as a result, will not be aware of any devices connected to their network that may be vulnerable.
This lack of visibility often leads educational institutions to struggle to patch software and identify problem devices in a timely manner, making IT risk mitigation difficult. If attacked, these institutions are unlikely to be able to respond quickly enough to prevent damage, a situation that could easily be avoided by implementing comprehensive endpoint security.
By implementing these tools, data can be automatically collected across all endpoints, allowing laptops to create solution policies and install software updates and patches as they are needed. For example, using Tanium for endpoint visibility and control, Salford University transformed its risk position and incident response capabilities, reducing missing software patches by more than 99% – from over 38,000 to nearly zero.
However, technological challenges aren’t the only thing holding back universities.
The challenge of skills
At the same time, higher education institutions are also struggling to retain skilled IT talent due to a lack of funds and resources. IT professionals are often offered better terms in private companies, such as improved pay and benefits, often tempting the best talent to drop ship.
For this reason, university IT teams are often understaffed, overworked, and underqualified. As a result, they struggle to manage complex IT ecosystems and need the additional support that implementing endpoint visibility tools can provide to improve their overall cybersecurity posture.
Meet the essentials of cyber
Due to the complexity of the typical university IT network, IT teams need to start using security strategies that allow them to adhere to the government’s cyber essentials scheme. This means they must use tools that can create a real-time inventory of all assets within the institution, scanning the IT assets for threats in real time.
Cyber attacks pose an ongoing threat to intellectual data learning and security, while distance learning has presented new technological challenges and risks. That’s why educational institutions need to establish robust security control and management strategies, leveraging the cyber essentials scheme to guide them on this journey.
Ultimately, a university’s security strategy must be focused on protecting two of its most important areas: student learning and research data. To adhere to the IT Essentials Checklist and achieve cyber hygiene, a set of practices for ensuring control of critical data and securing networks, effective endpoint management strategies are essential. This will ensure that universities are well placed to prevent cyberattacks for the remainder of 2022 and beyond.
Kirk Bellerby is the UK Director and Head of Higher Education at Tanium.
Cyber Security Essentials for Higher Education
Source link Cyber Security Essentials for Higher Education