Navigating cybersecurity challenges in Higher Education


Higher education institutions present an attractive target for cyber criminals and nation states given their work on high-value research, global reputations, and large user bases. Universities are also seen as markers of national capability, with a thriving university sector translating to innovative start-ups and world-leading technological capabilities. This means they are often a target for hostile nation states aiming to embarrass governments. The DDoS attacks on the University of Cambridge and the University of Manchester by Anonymous Sudan are recent examples of this being put into practice.

Securing applications, data and networks at higher education institutions poses a unique challenge. Universities have thousands of students, researchers, lecturers, and back-office staff located in multiple buildings and faculties, across distributed campuses. Combined with a growing international footprint, this creates a huge attack surface that criminals can exploit.

This has not gone unnoticed by cyber criminals. The Arctic Wolf Labs 2024 Threat Report reveals that the median ransom demand in the education sector now stands at $650k, which is above the average across all industries. Further, universities and colleges find themselves in the top ten lists of organisation types most likely to appear in leak sites. Amidst these challenges, there are a number of steps universities can take to improve their chances of defending themselves from a successful attack.

Each new academic year introduces more risk

Like any organisation, universities experience cyber threats year-round. However, the start of a new academic year always brings a notable increase in the number and profile of threats. A new group of students and staff join at the same time, each unfamiliar with the environment and the security practices that should be applied. This creates an easy hunting ground for those with malicious intent. For example, phishing emails can be sent during this time encouraging students to share personal details. Even simple activities, such as enrolling into classes and signing up to clubs, offer opportunities for criminals to exploit and trick users into sharing personal or financial information to subsequently use against them.

To address this, Steve Wood, Head of Managed Services at Xtravirt, recommends, “As University IT teams take on each new cohort of students, they must reset their cyber protection education program, assuming staff and students have no knowledge and experience. By offering security guidance from day one, extending and reinforcing it with regular training throughout the duration of their time with the university, awareness is consolidated, making it harder for fraudsters to exploit users.”


Contending with limited resources

Higher education institutions can face considerably tighter resource pools when compared to most private sector organisations, with budget often being prioritised for research, innovation, and education. When constraints on IT and security budgets are combined with an ever-increasing attack surface, including students’ own devices, remote access, and enabling services for short-run research projects, it’s clear to see why those responsible for maintaining IT security face considerable governance challenges.

These resource constraints also apply when looking to attract the right talent. Often, universities cannot offer the same salaries that large private companies can, which means more work is placed on fewer shoulders, leading to quicker burnout.

In these situations, Xtravirt’s Steve Wood recommends, “Universities should look for specialist IT service partners who can work with their existing teams to prioritise what changes need to be made and help maintain a robust and secure infrastructure. For example, simply having a partner in place who can be trusted to filter out noise and minimise distraction, can significantly ease pressure on a university’s own security teams.”

Protecting research assets

Universities use research not only to distinguish themselves, but to secure commercial success and enhance their reputation. As such, the data generated through research projects can hold immense value, potentially helping a country become a global leader in a new technology, or a business develop a new life-saving drug. Any breach of this data could have far-reaching consequences, impacting the commercial success of global corporations, or compromising sensitive geopolitical interests.

As universities increasingly face scrutiny regarding risk and compliance, demonstrating robust security measures becomes imperative if they want to continue attracting investment from companies and governments for commissioned research projects. Robin Gardner, Sales & Strategic Services Director at Xtravirt, explains, “As universities build research partnerships with external organisations, they need to meet the data protection and information security standards of those bodies – be that through ISO certification or more evidence-based controls – before data and intellectual property is handed over. Aggressive funding timelines mean that these need to be operating to the highest standards as a matter of course rather than addressed on a case-by-case basis.”


Collaboration with students

Finally, it is important that universities consider all the resources available to them. For example, many offer information security courses aimed at providing students with the skills to become security leaders. IT teams can work with these students to give them valuable first-hand experience of managing security software and situations, while reducing the workload on the current security team.

As higher education institutions learn to navigate the threat landscape, it is imperative they remain proactive and collaborative in their defences. By taking the steps outlined above, and working with trusted providers, universities can set themselves in the best position to combat threats year-round, protecting their staff, students and the valuable IP they generate.
