NCSC urges UK universities to shield themselves from possible cybersecurity threats

• The National Cyber Security Centre (NCSC) has published a report that outlines the cybersecurity threats to UK universities and academia.
• This report aims to raise awareness of cyberthreats and encourage universities to implement security-conscious policies.

What does the report say?

The report asserts that the primary threats to UK universities in the cyberworld are for financial gain and stealing intellectual data.

• Cybercrime will possibly bring major difficulties to universities, but state-sponsored espionage has the potential to cause long-term damage.
• State-sponsored espionage may cause damage to the value of research, fall in investment by public or private sector in the affected universities, or damage to UK’s knowledge advantage.
• If foreign direct investments are restricted, cyber threats to universities will probably increase as it provides an alternate way to access sensitive data.

“Universities are key contributors to the economy, skills development and innovation in the UK. In doing this, they handle personal and research data, intellectual property and other assets, each of which has significant value to others,” says the report.

Targeted data

Emails, personal information of students and staff, technical resources, and intellectual property are said to be of primary interest to a nation state. These data can be used for different purposes including commercial gain and advancing similar research efforts.

Phishing attacks and injecting malicious software are common attacks targeted at universities. Usually, university websites provide ample data about students, staff, and the university to craft a phishing email. Introducing malware in university systems aids attackers in stealing data, gaining long-time access, or even demanding a ransom after encrypting all the data available.

What should universities do?

The NCSC recommends a few strategies against the attacks.

• Create awareness among students and staff about cyberattacks, particularly phishing emails.
• Implement better access-control policies, especially for research and intellectual property of high value.
• Reconsider network design to build smaller, private networks without impacting information sharing within the university.