Posted on April 4, 2019 at 5:58 PM
Students are in an uproar on social media following a number of breaches of universities in the United Kingdom.
Ethical hackers have managed to penetrate universities defenses in as little as two hours. These ethical hackers managed to gain access to high-value data on students from those universities. Fortunately, the hacks were perpetrated in an attempt to show universities how poorly prepared they are for a real-world attack. Real world attacks with malicious hackers could cause untold chaos with the data that universities have.
Many in the IT security industry believe that universities take for granted the data they possess on their students. The hackers had managed to gain access to some of the highest value data the universities had on file. They managed to do this every, single time they entered the systems.
These attacks come days after a damning report by Jisc. Jisc is a government-funded agency that focuses on information security. Specifically, it is mandated to provide universities with digital support. The report stated that universities were not active in protecting themselves and the data of their students against cybercriminals.
The report was published in partnership with the Higher Education Policy Institute (HEPI), which has called on the hacked universities to take urgent action to safeguard their data. They have also urged other universities to take a good look at their policies and frameworks for cybersecurity in light of these attacks.
Phishing more sophisticated than ever before
The phishing scams in play are getting more refined and are increasingly being used against institutions in the United Kingdom. The scams being used against United Kingdom institutions of higher learning are spear-phishing scams. These are email spoofs that appear to come from a trusted source but are in fact from a malicious party. They can with authority ask for the students confidential information. They frequently offer free grants to students and ask for their bank details so that loans can be settled on behalf of a trusted institution connected to the university.
The UK has seen a tangible increase in attacks since 2017. There were over 1000 attacks in 2018 alone. These were carried out against education and research organizations. It is critical that universities build strong defenses to avoid “potentially disastrous” data breaches said, Dr. John Chapman. Dr. Chapman is the head of Jisc’s operation center. He is responsible for overseeing the attacks against the universities. He claims that in select cases, a complete network outage is possible if hackers are determined enough. This could cause untold damage to the reputations of UK universities.
While he concedes that many universities do have more than adequate defenses, he is not sure that all do. The hack perpetrated by Jisc helped confirm his suspicions. He added that these universities would need to focus on investment in security skills training and knowledge. In addition to this, they would need to run campaigns on the campus to help students who are most at risk of phishing scams.
He goes on to say that the damage a network outage can have on research institutions is high. UK economic growth is based on the research carried out by UK institutions. His team was able to acquire such high-value research every time they broke into the systems. They also managed to do it in under 2 hours each time.
This was catastrophic for the UK if malicious attackers were to do this.