Every hour 36% of the Universities in the UK is hit by a cyber attack, and In recent years, the
number of cyber attacks on universities has seen a significant rise. The question is why are universities such a desirable target?
There can be different sort of actors that have various motivations to break into the universities. The motives depend on the size and the intellectual property the University possesses. Foreign governments could be a threat when it comes to research data (i.e., nuclear research). But also smaller forms of cyber attacks are not uncommon. Cyberstalkers want to do reputational damage or ransomware could be placed for financially motivated attacks. That insider threat of current students that want to manipulate the grading system or retrieve exam information is also present.
The problematic challenges the universities face to protect them from cyber attacks is that they have characteristics that make them vulnerable. Freedom of information is the key to every university, but this also makes a place where a lot of open networks are connected with each other. Combine this with the fact that thousands of student and employees want to connect all their own devices to this network. The students or employees don’t have to be aware that their computer is infected and still will connect it. The organization form of the university does not help to form one barrier against threats. The different faculties can be running different IT security protocols, which makes it hard to establish one barrier.
How can Universities still try to protect themselves against these threats? The most important thing to do is that Universities centralize their IT Security protocols and make sure all faculties, also supporting, implement them. All the networks should be protected by the same standard of encryption. It should also identify the most valuable data and implement extra security measures for this data. After that it should create cyber security awareness under the students and employees, it can give out free malware detection software to users for their own devices. To end with, Cybersecurity should not be underestimated by universities and should stay a permanent agenda point.
EY. (2017). What cyber threats do higher education institutions face? | EY Advisory. Advisory.ey.com. Retrieved 9 October 2017, from https://advisory.ey.com/cybersecurity/cyber-threats-higher-education-institutions
Information Management. (2017). Why universities are so vulnerable to data breaches. Information Management. Retrieved 9 October 2017, from https://www.information-management.com/opinion/why-universities-are-so-vulnerable-to-data-breaches
Interesting article! In my opinion, big instances like these universities should invest in these hackers to show them the weak spots of their network. However, it is hard to change these talented hackers from bad guys into good guys. Research shows that young hackers are not simply motivated by money, but they just want to impress their friends and challenge the political system. That makes it hard to turn them into valuable assets for a company, since increasing financial incentives will not change their minds.
So in my opinion, the real challenge for these instances and companies is to change these young hackers’ mindsets and make their skills valuable and marketable in order to close the gap in cyber security.
reference:
https://www.theguardian.com/society/2017/apr/21/teenage-hackers-motivated-moral-crusade-money-cybercrime