Data protection is back on the agenda.
Since the beginning of 2019 there have been 3 major cyber attacks on universities in the UK (York, Lancaster & Manchester) that resulted in the theft of staff and students’ personal data.
But it wasn’t just personal data that was claimed in these incidents – important research data was targeted specifically and stolen.
And it isn’t just the UK. The problem is worldwide, with hackers targeting 62 colleges and universities in the US, because research is now big business and can sometimes be far more valuable than personal data.
Academic institutions hold of a lot of rich and valuable data including students’ results, staff login details and, crucially, research data collected by a university that is often sponsored by large, powerful corporations.
This makes universities significant targets for cyber criminals looking to trade in the highest value data possible. Any data that can be breached by hackers, such as personal information or research data, can be sold to a willing buyer. These customers could be university competitors or companies with a vested interest in the research.
The Value of Research
Research is what universities invest their time, money, and effort into. It’s what they trade in and it’s incredibly valuable. Whatever research data they collect has a value to someone, somewhere, whether it’s scientific research that could lead to a ground-breaking medical cure or economic research that could affect global investments.
The quality of a university’s research is what gives them the advantage over fellow universities. They try to use this information to help large corporate organisations to develop and grow.
Any research data or information that can be stolen by hackers could be useful to competitive institutions and organisations alike. This provides a demand for research data in the hacker community.
How are Universities Attacked?
The most common form of attack that hackers use when targeting universities is a phishing attack. The success of this attack is dependent on an unsuspecting user clicking a malicious link within an email, granting the hacker access to the university’s systems and data.
With this in mind, phishing scams are often sophisticated and tailored specifically to their victim. This is why phishing attacks typically have an impressive 1 in 10 chance of success.
This was unfortunately the case in July 2019 when Lancaster University had data stolen as a direct result of a phishing scam that an unwitting member of staff fell for.
With so many staff and students connected to a single university network, there are numerous entry points into a network for hackers. It only takes one of these people to make a single mistake and cyber criminals have access to a university’s systems, data, and research projects.
Universities need to be even more vigilant when it comes to cyber security because they are high-value targets. Without industry-leading cyber security measures in place such as network security, email security and – just as importantly – end-user IT training, universities are remain at high risk from cyber crime.