The National Cyber Security Centre (NCSC) issued the first of many alerts to universities and colleges nearly a year ago. With the rising number of cyber-attacks threatening to disrupt the start of the academic term, the education sector has continued to face a surge in cyber-attacks. There are no immediate signs this is slowing down.
In part one of this five-part series, we will explore the official trends to explain why universities and colleges are under threat from cyber-attacks. As the new academic term fast approaches, we will explore the security challenges facing this sector and guide you to manage your cyber security risk.
Why are Higher Education Institutions a target?
Cyber-attacks are not a new threat to the education sector. As far back as September 2017, worrying Freedom of Information (FOI) figures released by the Times reported 1,152 security breaches in 2016-17. The number of recorded attacks had doubled in two years, with British universities being actively targeted by cyber attackers.
On a global scale, according to the Microsoft Global Threat Activity tracker, the education sector was the most affected industry, reporting 62% (circa 5.7 million) malware encounters within the past 30 days. Informed by over 8 trillion daily security signals, the Microsoft Digital Defence Report presents telemetry and insights about the current state of cyber security. In the September 2020 report, education appears in the Top 10 targeted industries for Business Email Compromise (BEC) and Top 6 by Nation-State Threats. STRONTIUM, PHOSPHORUS, BARIUM, THALLIUM, and ZINC threat actors targeted universities from July 2019–June 2020.
Microsoft Security Intelligence: Global Threat Activity
According to security incident figures collected by the Information Commissioner's Office (ICO), the education sector was reported to have the third-highest number of ransomware incidents since April 2020. This was behind manufacturing and financial services. So, what makes higher education establishments an appealing target for cybercriminals?
- Personal & Sensitive Data. Education institutions are responsible for securing significant volumes of sensitive student and staff personal data, valuable intellectual property, and world-leading research, which makes them a tempting target for cybercriminals.
- Frequency & Scale of Student Community. Due to the transient nature of higher education institutions, with a vast and frequently changing student population, universities and colleges are further exposed to potential cyber-attacks. As we approach the start of the academic term, there is a renewed warning around phishing campaigns. These attempt to gain access to sensitive student credentials or financial details under the decoy of student loans or grants in the weeks leading up to payment dates, or allow threat actors to deploy ransomware by encouraging users to open a malicious file.
- Reliance on Internal Education. Even with the most sophisticated cyber security systems, the weakest link is always the user. Successfully gaining access to network systems is made simpler by the unique number of users in higher education environments. All it takes is one carefully crafted phishing email and one user to click. Phishing attacks remain a popular method for hackers to distribute damaging malware, such as ransomware, that encrypts valuable data and demands payment to decrypt it. Phishing is also low risk and minimal cost, yet potentially high reward for cybercriminals.
- Security Skills, Resource & Budget Constraints. As the threat environment evolves and more sophisticated tactics are used, it is challenging to stay ahead of the latest security vulnerabilities. Even when a new critical vulnerability is identified, significant time and resources are required to address it. Legacy IT systems, budget constraints and often-limited dedicated security staff add overwhelming pressure to the education sector.
According to the Center for Internet Security (CIS) Control 7, Continuous Vulnerability Management:
Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure, in order to remediate, and minimize, the window of opportunity for attackers.
Threat Actors Thriving on Uncertainty
Threat actors and targeted cyber-attacks thrive on uncertainty. There has never been more of an opportunistic time than that presented by the pandemic.
Universities, colleges, and schools around the globe closed their premises and made an accelerated move to completely adapt their existing operating models. With entire infrastructures shifted to allow for remote teaching and learning practices, not all were ready. UK education institutions quickly became a persistent target for cybercriminals.
It was not just the operational changes that we saw threat actors take advantage of. We also witnessed person-centred social engineering cyber-attacks, such as phishing attacks. Criminals sought to manipulate and prey on the general aura of fear, anxiety, and tension prevalent in the presence of Covid-19.
The threat environment we face continues to evolve. Cybercriminals are creative, well-resourced, well-organized, and innovative. They move quickly to discover new threat vectors, use new exploits, and respond to new defenses.
– Microsoft