As students settle into term time at university, cybersecurity is likely not at the forefront of their minds. However, with 97% of higher education organisations reporting a cyberbreach or attack in the past year, universities must prioritise cybersecurity measures to protect their students and staff.
The growing threat to university networks
The rise in attacks on university networks is alarming but not surprising. Universities hold vast amounts of valuable data, including research papers, intellectual property (IP), student and staff details, and financial information. This makes them prime targets for hackers. The repercussions of a breach can be far-reaching, impacting not only personal data security but also causing revenue loss and significant reputational damage.
Recent university data breaches highlighted in the media underscore just how severe the ramifications can be. Breaches like these can lead to operational disruptions, financial losses, and a tarnished reputation, affecting the institution’s ability to attract and retain students and staff.
Increasing vulnerabilities in higher education
The era of online and hybrid learning, along with the widespread adoption of cloud computing across institutions, has increased universities’ vulnerability to cyberattacks. While these technological advancements offer many benefits, they also open new avenues for threat actors, such as ransomware and phishing attacks.
Staying protected – steps to improve cyber-resilience
To combat these threats, universities must invest in robust cybersecurity infrastructure. Here are the critical steps that decision-makers should consider to enhance cyber-resilience:
•Strengthen supply-chain security
Supply chains can be complex and susceptible to attacks. The recent global IT outage that impacted 8.5 million computers worldwide demonstrated the catastrophic impact supply chain disruptions can have. While the CrowdStrike outage was the result of an unintended error rather than a malicious attack, it highlighted the need to mitigate such risks.
The best way for universities to reduce the risks of such disruption is through preparation. It’s vital that they invest in the right foundations, including secure and reliable network solutions. This can help ensure any data stored or processed by this technology is accessible to those who need it and kept safe from the hands of cybercriminals.
Conducting thorough forensic audits can also help identify and mitigate potential risks within the supply chain, ensuring a secure network environment. Universities should consider specific tools or frameworks for these audits to strengthen their defences.
•Embrace zero-trust security
Zero-trust security, also known as perimeterless security, is a modern approach that requires continuous authentication and validation of all users, both inside and outside the network. This model ensures that access to data is strictly controlled and monitored, significantly reducing the risk of cyberattacks. Universities can implement this by establishing strict access controls and regularly reviewing user permissions.
•Proactively address phishing threats
Phishing attacks remain a prevalent threat, accounting for a sizeable portion of breaches. These attacks often exploit human emotions and can deceive even the most cautious individuals. Regular awareness training and reminder emails about the dangers of phishing can help to eliminate these vulnerabilities. Universities should implement specific training programs and foster a culture of cybersecurity awareness among staff and students.
•Invest in advanced network solutions
Traditional “castle-and-moat” cybersecurity models, which rely on protecting a centralised data centre with firewalls, are becoming obsolete. With the shift towards cloud-based applications and remote working, solutions such as Secure Access Service Edge (SASE) and Security Service Edge (SSE), employed in conjunction with Software Defined Wide Area Networks (SD-WAN), provide a more effective defence.
By combining advanced network solutions like SASE, SSE, and SD-WAN, institutions can modernise their infrastructure and enhance their security posture. This layered approach enables enhanced visibility, proactive threat prevention, and comprehensive, centralised control – ensuring that universities can protect data and access points while adapting to the evolving needs of students and staff.
•Prepare for Denial-of-Service attacks
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks can cripple university networks, making crucial services unavailable. To counter these threats, universities should invest in DDoS mitigation services. These services help maintain operational continuity and protect against the significant disruptions and reputational damage caused by such attacks. Effective DDoS mitigation tools can provide real-time protection and resilience.
A resilient future for staff and students
Today’s cybersecurity threats demand a proactive and resilient response from universities. Ensuring a secure digital environment is not just about safeguarding data – it’s about maintaining trust, reputation, and operational continuity. Now is the time for universities to act decisively and invest in comprehensive cyber-resilience strategies. By doing so, they can protect themselves from the growing threat of cybercriminals while maintaining efficiency and competitiveness in the academic landscape.
Ad