The cybersecurity learning curve

The personal information and research held by education organisations is of interest to cybercriminals, making it crucial to take the right steps to protect it.

By Tim Ferguson

Mon 21 Jan 2019 @ 15:34

Education is one of the foundations of human progress. Whether it’s art, science, literature, technology, medicine, law or philosophy, the sharing of knowledge has built our world. And current knowledge forms the basis for future innovation.

Modern technology has made it faster and easier than ever before to access and share knowledge. But there are challenges in providing an academic network.

While previous generations of students may have faced the prospect of a library book they needed being out of stock, today it could be that they’re unable to access an entire academic network – as the DDoS attack and resultant outage suffered by the Janet academic services network in 2015 demonstrated.

Cyberattacks on universities are on the rise too, with more than 850 attacks across the UK in 2017/18 aimed at almost 190 universities and colleges – up from fewer than 600 attacks on about 140 institutions the previous year.

Analysis by the Joint Information Systems Committee (Jisc) suggests that staff or students are often responsible, rather than organised crime or hacking groups. As a result, ways to stop internal attempts to attack the network are high on the agenda for many universities.

Staff and students of a school, college or university need information to be available to facilitate the sharing of knowledge and exchange of ideas. But this information must be accessible only to the right people.

Another challenge for academic institutions is the number of personal devices being used to access systems – something that has become much more of an issue since smartphones and tablet computers have become the norm.

Educational institutions hold a huge amount of sensitive personal information on file, due to the thousands of students and staff (as well as contract workers) who make up an academic community. This data needs to be kept secure but must also be stored and processed in the correct way to meet privacy regulations.

Cybercriminals may also want to access research information for nefarious purposes. For example, scientific research could be sold to the highest bidder or data could be encrypted by hacktivists who then hold an education institution to ransom.

This kind of compromise impacts the reputation of the institution in question, but also puts at risk any government or private-sector funding for the research being carried out.

These are big challenges, made all the more difficult by tight budgets and the limited number of security staff that educational organisations have at their disposal.

Education institutions should monitor their network and systems to gain visibility across their organisation so that any compromise is quickly detected and dealt with. This is particularly crucial as cybercriminals will try any means to gain access, making it highly likely that they will succeed.

If this visibility is lacking, threats can linger for months before they become an issue, and it will be impossible to know if there has been an unintended disclosure of data. Such disclosures account for 30 per cent of all data breaches at higher-education institutions, second only to hacking and malware (36 per cent).

Gaining this visibility with limited resources is made easier with a single-pane view of the network provided by security incident and event management (SIEM). These systems are able to flag incidents for further investigation, with more modern versions also able to automatically contain or shut down threats as they’re detected. SIEM also has the added bonus of helping with compliance.

While this approach helps deal with external threats, the risk posed by insider threats also needs to be addressed. Such threats can be accidental or deliberate and can be tackled by user and entity behaviour analytics (UEBA), which learns normal patterns of behaviour to provide quick and accurate responses to anomalous activity.

The high volume of personal information and research data that education institutions hold makes them a target for cybercrime. Combined with limited security budgets and headcount, such organisations face a steep learning curve when it comes to cybersecurity.

But by putting the right technology and processes in place, they should go to the top of the class.