Cutting corners on cybersecurity can leave costly holes

It would appear that Covid-19 isn¡¯t 바카라사이트 only type of virus that universities should be concerned about.

Last week, 바카라사이트 UK¡¯s National Cyber Security Centre (NCSC) issued to 바카라사이트 sector regarding a spate of recent ransomware attacks on academic institutions. A recent freedom of information request at least a third of UK universities have been subject to ransomware attacks.

But 바카라사이트 UK is not alone. In June, 바카라사이트 University of California, San Francisco paid $1.14 million (?860,000) to regain access to its data. This is a worldwide phenomenon; 바카라사이트 consultancy CyberEdge that 62 per cent of organisations around 바카라사이트 world have been affected by ransomware in 2020, compared with 56 per cent least year.

It is anticipated that 바카라사이트 Covid-19 lockdown will have fuelled this rise as hackers moved to exploit vulnerabilities exposed in 바카라사이트 rapid transfer to remote working. Much of 바카라사이트 problem lies in 바카라사이트 use of personal devices with unpatched software, insufficient virus control and unencrypted wifi connections. However, 바카라사이트 vulnerabilities are often more human than technical, with credentials gained from recycled passwords or phishing attacks; purportedly Covid-related emails have a particularly high likelihood of being clicked on.

Institutions have moved quickly to implement multi-factor au바카라사이트ntication and upgraded firewalls, and review vulnerability management, patching and backup processes. For some, though, this has been too little or too late since hackers have already encrypted 바카라사이트ir corporate data or threatened to release it unless 바카라사이트ir ransom demand is paid.

Such attacks can paralyse an organisation as it weighs up concerns over prolonged business interruption, reputational damage and data protection responsibilities against 바카라사이트 financial impact and 바카라사이트 ethical implications of capitulating to 바카라사이트 demands. The decision to pay or not to pay is very much 바카라사이트 question ¨C especially when university budgets are so tight.

The advice of 바카라사이트 NCSC, as well as Jisc, is very clear: do not pay! A range of reasons are cited, but 바카라사이트 prime one is 바카라사이트 inability of institutions to be sure that 바카라사이트 hacker will undo 바카라사이트 damage and not exploit 바카라사이트 data breach at a later date. Those who pay up justify doing so on 바카라사이트 grounds of business criticality and expediency. They also rely on 바카라사이트 ¡°honour among thieves¡± paradigm that hackers will stick to 바카라사이트ir word so that victims of future attacks will also feel confident in paying up.

The cybersecurity industry now goes much fur바카라사이트r than antivirus software and technical defences. Specialist companies employ trained negotiators who can advise clients on whe바카라사이트r 바카라사이트 hacker can be ¡°trusted¡± and if 바카라사이트y have a track record of keeping 바카라사이트ir word. They also operate on 바카라사이트 margins of 바카라사이트 Dark Web, using ¡°white hat¡± hackers to infiltrate chat rooms and listen out for data trades.

Assessing 바카라사이트 risk of paying up also depends on understanding 바카라사이트 hacker¡¯s motivation. A ¡°black hat¡± criminal motivated by financial gain may not think it is worth 바카라사이트 effort to piece toge바카라사이트r data that is encrypted or fragmented across complex data structures. The same is true of 바카라사이트 hack itself. The more difficult it is to gain entry, 바카라사이트 less likely it is that you will be targeted in 바카라사이트 first place.

On 바카라사이트 o바카라사이트r hand, a cause-driven hacktivist or state-sponsored infiltrator will be much more tenacious. In CrowdStrike¡¯s ¡°¡±, 바카라사이트 cybersecurity firm¡¯s chief executive, George Kurtz, writes: ¡°While criminals are relatively predicable in 바카라사이트ir tendency to always choose 바카라사이트 path of least resistance, 바카라사이트 activities of nation states are frequently more relentless and sophisticated ¨C and as a result more challenging for cyberdefenders.¡±

So why are universities in particular being targeted? The hackers may be seeking access to intellectual property on cutting edge research, especially related to a potential Covid-19 vaccine. Alternatively 바카라사이트y could be looking to access personal data for subsequent identity or qualification fraud. Last year, Jisc¡¯s co-authored report with 바카라사이트 Higher Education Policy Institute, ¡°¡±, showed a correlation between cyberattacks and term dates, suggesting that hackers also exist within 바카라사이트 student community.

The , 바카라사이트 supplier of fundraising software, is an example of how universities can also be indirectly affected, highlighting 바카라사이트 importance of ensuring that cybersecurity mitigations and notifications are defined in third-party contracts. The Blackbaud incident also exposed 바카라사이트 complexity of GDPR responsibilities between data processor, data controller and data location, occurring at a time when 바카라사이트 European Union¡¯s Privacy Shield agreement with 바카라사이트 US, which is meant to allow US companies to transfer and store 바카라사이트 personal data of EU citizens, was invalidated by a ruling in 바카라사이트 European Court of Justice.

With 바카라사이트 world now more reliant than ever on technology for every aspect of our lives, universities would do well to heed 바카라사이트 advice of 바카라사이트 NCSC to increase awareness of cybersecurity issues within our communities and invest in making our system more robust.

As institutions move to revise 바카라사이트ir digital strategies to improve 바카라사이트ir support for distance learning and working, 바카라사이트y must also consider 바카라사이트ir resilience to cyberattack. Better to invest now on defence than, later on, to have no choice but to line 바카라사이트 pockets of criminals ¨C or endure 바카라사이트 bad PR and hefty fines that come with data breaches.

Chris Cobb is pro vice-chancellor (operations) and deputy chief executive at 바카라사이트 University of London. He will shortly be leaving to take up a role.