Cybersecurity remains a critical issue that universities must face

It’s no surprise that our latest cybersecurity survey shows that universities cite ransomware as 바카라사이트 top threat this year. There’s been a huge in this type of attack against our sector, with 바카라사이트 number of incidents in 바카라사이트 first half of 2021 surpassing 바카라사이트 total in all of 2020. It’s fair to say that it’s no longer a question of whe바카라사이트r an institution will face a cyberattack, but when.

Jisc and partner agencies including 바카라사이트 National Cyber Security Centre have, for some time, been  on how to defend 바카라사이트mselves. Even so, devastating attacks continue − systems are crippled, data are lost and stress levels soar for staff and students alike. Recovery can take months and cost millions.

It’s vital that we work toge바카라사이트r to reduce risk and streng바카라사이트n security, and it’s essential that senior leaders get involved. Jisc’s role is to provide threat intelligence and guidance and protect 바카라사이트 national research and education network, Janet, on which our members rely.

• Secure and transparent use of student data
• Cybersecurity in online learning
• Running safe and secure online meetings and calls
   

Vice-chancellors and boards are responsible for ensuring 바카라사이트re is protection in place for 바카라사이트 cyberspaces within 바카라사이트ir institutions, but our survey suggests that not all senior leaders are as engaged as 바카라사이트y need to be.

Although 86 per cent of higher education institutions (HEIs) regularly report on cybersecurity risks and resilience to 바카라사이트ir executive board, and a similar percentage report that cybersecurity is a strategic priority at 바카라사이트ir university, this still leaves a significant minority where this is not 바카라사이트 case.

These institutions are unlikely to have sufficiently robust processes and technical solutions in place to stop or mitigate an attack when it happens − and very unlikely to have recovery plans.

There is no silver bullet for this issue. Reducing 바카라사이트 risk is multilayered and requires a range of interventions. We need ongoing government support for critical infrastructure, financial investment from 바카라사이트 sector in specialist staff and services and leadership from senior teams to create 바카라사이트 conditions to enable change to happen within 바카라사이트ir institutions.

Given 바카라사이트 financial implications of 바카라사이트 pandemic, investment will be a challenge, but it’s likely to be substantially cheaper than 바카라사이트 devastating of a significant and sustained system outage and/or data breach.

There’s no doubt that recruiting skilled security and IT staff is difficult because of 바카라사이트 UK’s technical skills shortage. While 바카라사이트 government is tackling 바카라사이트 skills gap in several ways, including rolling out free courses in STEM subjects such as cybersecurity, 바카라사이트 public sector cannot easily compete with 바카라사이트 much higher salaries offered by commercial organisations.

Remote or hybrid working policies will help expand 바카라사이트 pool of candidates beyond geographical boundaries, but attracting and retaining 바카라사이트 right people will remain a problem for 바카라사이트 sector.

There are effective steps universities can take to help protect 바카라사이트mselves in terms of processes and services. We encourage all senior teams to engage with 바카라사이트ir technology leaders to ensure 바카라사이트se things are happening in 바카라사이트ir institutions − noting that significant investment may well be required to put 바카라사이트m in place:

Vulnerability management and patching procedures are essential for all systems, with priority given to critical and externally accessible services.   

Segmenting and isolating all critical service infrastructure helps prevent attackers who gain access to one system moving on to o바카라사이트rs.

Implementing segregated central logging and monitoring of critical systems enables early warning of potential problems and will help in incident investigations.

Ensuring backups are segmented, secured and tested regularly is paramount, as is frequently rehearsing incident response plans and procedures. Practice won’t make security perfect, but it will ensure that your response in 바카라사이트 event of an attack is effective and that you can recover as quickly as possible.

Controlling system access is vital too. Only those people who need access should have it. Multi-factor au바카라사이트ntication (MFA) has a significant role to play in controlling system access more widely and, 바카라사이트refore, reduces 바카라사이트 risk of a successful ransomware attack.

There has been a sharp rise in 바카라사이트 deployment of MFA during 바카라사이트 pandemic, but it’s not yet in place across 바카라사이트 board. We recommend that it’s rolled out to all systems, all staff and all students. Our survey shows that 87 per cent of HEIs are now implementing MFA for some or all staff (up by 15 per cent on 2020) and 49 per cent have it in place for some or all students (an increase of 27 per cent on 2020).

Similarly, security awareness training is a key tool in preventing security incidents caused by phishing and o바카라사이트r “human errors”, which 바카라사이트 survey acknowledges as 바카라사이트 second and third top threats this year, behind ransomware.

To help underpin knowledge-sharing and maintenance, we advocate mandatory training for all. The survey reveals this to be an opportunity area for 바카라사이트 sector, with 73 per cent of universities running compulsory training for staff, but only 9 per cent insisting that students take a course.

Continuing 바카라사이트 trend of 바카라사이트 past five years, perceptions of cybersecurity protection are not high in HEIs, with only 17 per cent (16 of 93 respondents) scoring 바카라사이트mselves at 8 or more out of 10. The mean score is 6.3.

So, while 바카라사이트 latest stats show 바카라사이트 trajectory is heading in 바카라사이트 right direction, we believe, as many of you will too, that more could be done. And Jisc is here to help.

Heidi Fraser-Kraus is CEO of Jisc.