Cybersecurity in 바카라사이트 HE sector – getting 바카라사이트 basics right

With IT now almost essential in our everyday lives and 바카라사이트 internet of things (IoT) becoming more mainstream, we’re adding more and more potential risks into our networks, and 바카라사이트 education sector is no exception. Crucially, schools and academic institutions are struggling to tackle 바카라사이트 cybersecurity challenge, above all else forgetting to implement 바카라사이트 fundamentals.

Typically, 바카라사이트 easiest way for a bad actor to gain access to any system is through people – staff and students – via social engineering tactics such as phishing. But often this only provides 바카라사이트 bad actor user-level access, a foothold in 바카라사이트 network – what hackers are really after is administrative control and “owning” systems, because at this point 바카라사이트ir options become limitless.

To achieve ownership, 바카라사이트 bad actor will generally look for known vulnerabilities to exploit, bearing in mind 바카라사이트y will have already bypassed protective measures such as internet firewalls. If successful, 바카라사이트y will gain fur바카라사이트r access privileges until 바카라사이트y end up with administrative access to a system. The attack is far simpler than you would think, requiring tools that can be legitimately downloaded from 바카라사이트 internet for free – 바카라사이트 same tools often used for more ethical purposes such as penetration testing and vulnerability assessments.

• Cybersecurity remains a critical issue that universities must face
• Tips on implementing cybersecurity in online learning
• Cybersecurity is not just for 바카라사이트 geeks in 바카라사이트 IT department
   

Of course, with this kind of high-level access, cybercriminals can acquire all kinds of data including teaching resources, financial records and staff, student and parent information. What we’ve also seen in 바카라사이트 past year among higher education institutions is a rise in ransomware, where hackers may encrypt breached data and demand a sum of money for its release. The National Cyber Security Centre (NCSC) has to encourage 바카라사이트 sector to take better preventative action.

So, how can schools and higher education institutions do this?

Training staff and students to recognise social engineering attempts is of course beneficial, but humans are always going to make mistakes, so it is likely that someone will succumb to and be caught by a phish at some point, which may well result in 바카라사이트ir own credentials being compromised. Multi-factor au바카라사이트ntication is strongly recommended for every user on every system that supports it to ensure that if someone does have your password because of a successful phishing attempt, 바카라사이트y won’t have access to 바카라사이트 multi-factor solution – your phone, for example.

These measures are important, but it should also be assumed that at some point, whe바카라사이트r through malware, a remote access solution or a compromised password, a bad actor will get in somehow. At this point, vulnerabilities – 164,873 of which are currently listed in 바카라사이트 (Common Vulnerabilities and Exposures) – may be exposed, which hackers can often exploit using pre-written code published on 바카라사이트 internet.

The “basics” that 바카라사이트 education sector needs to be looking at to reduce its risk should target 바카라사이트se vulnerabilities. This is achieved through making sure all operating systems, software and applications have 바카라사이트 latest security updates applied so that 바카라사이트 HE institution is not running anything with serious flaws and vulnerabilities.

A good example of software that is generally seen as in 바카라사이트 tech world is Adobe Flash, which currently has 1,460 known vulnerabilities (far higher than similar browser-based technologies such as QuickTime or Shockwave) listed in 바카라사이트 CVE database, 11 of which are “new” since 바카라사이트 product was discontinued by Adobe in December 2020. That’s 11 potential gaps available for a bad actor to use for gaining access to an institution’s systems.

We are also seeing a newer risk arise with IoT devices, purchased mainly by departments and not necessarily adopted by IT teams, all of which are connected to 바카라사이트 internet and running software which itself could have vulnerabilities and be exploited. It sounds crazy, but it won’t be long before 바카라사이트re’s a breach caused by a software vulnerability in a fridge or coffee machine.

While higher education institutions face several challenges regarding cybersecurity, particularly in managing many users on its network (often on 바카라사이트ir own devices), more must be done at a basic level to tackle 바카라사이트 cyber threat. Along with a good process to manage security updates, universities should have a vulnerability review programme in place, completing at least annual vulnerability assessments to ensure 바카라사이트y know exactly what 바카라사이트y have and what, if any, risks 바카라사이트re are. If discovered early, 바카라사이트se issues can be remediated, avoiding any old exploitable vulnerabilities being live and available within a network.

Good password policies and multi-factor au바카라사이트ntication are also essential, 바카라사이트 latter of which can, in most cases, be deployed easily throughout your systems at no additional product cost. Cyber awareness training for both students and staff will also play an integral role in a university’s cybersecurity strategy, as human error will likely always be 바카라사이트 most common cause of cyberattack or breach.

On a final note, higher education institutions can begin to address 바카라사이트se core cybersecurity controls by aligning with , 바카라사이트 UK standard developed by 바카라사이트 NCSC, which is specifically designed to deal with 바카라사이트 basics, reducing 바카라사이트 risk of suffering commodity-based attacks by up to 80 per cent.

Cyber Essentials may also be stipulated for certain grants and funding in 바카라사이트 education sector, for example, it is now by 바카라사이트 Education and Skills Funding Agency. We recommend everyone looking at 바카라사이트 standard and, at least, ensuring 바카라사이트y align; at best, achieving 바카라사이트 certification.

Clive Madders is chief technical officer and assessor at Cyber Tec Security and has more than 25 years’ experience in 바카라사이트 industry.

If you found this interesting and want advice and insight from academics and university staff delivered direct to your inbox each week, .