Universities in the United Kingdom have admitted to being pummelled and caught out by cyber-attacks including phishing, representing a critical challenge for institutions.
A massive 70 percent of universities indicated that they had been the victim of phishing attacks, among the sample of respondants, 12 universities admitted to having suffered more than ten attacks in the past year alone.
The information has surfaced following the filing of Freedom of Information (FoI) requests to 70 UK universities by security firm Duo.
The figures presented in the report are made all the more concerning by the fact that within the set of universities that responded, seven hold GCHQ certified degree courses. Oxford University stood out as having been hit in excess of 50 times in the last year.
Included in the report, Henry Seddon, Duo Security Vice President of EMEA said: “The findings reveal that universities – staff and students – make popular targets for these attacks, which leaves them vulnerable to all kinds of security risks. … They open the doors to hackers, with stolen credentials, to access an organisation’s system virtually undetected, posing as an authorised user. Worryingly, phishing is now the most popular way of delivering ransomware onto an organisation’s network.”
Phishing and ransomware are old enemies in the cyber world that have gained new formidability in recent times, and universities are not alone in facing these threats. In fact, everyone is a target, with major industries such as healthcare being stolen from using these techniques at a worrying rate.
The prominence of these threats accentuates a growing trend in the cyber threat landscape, and the way in which defence must be approached by organisations and businesses. It is no longer possible to rely on an impenetrable cyber shield, wall or perimeter; it must be appreciated that defence has to also take place from within.