Ethical hackers from Jisc were tasked with testing the cyber defences of UK universities, to see how long it would take them to access high value data. Recently, UK university research projects have more frequently become the target of hacking and data breeches, with reportedly more than 1,000 attacks in 2018.
The hackers from Jisc reported a 100% success rate at getting through the universities’ defences, breaking through for the first time in just two hours. According to the BBC, the hackers reported that effective attempts to hack the university included ‘spear phishing’ – a type of phishing email that appears to be from a trusted source in order to gain access for ransomware or malware.
In under two hours, the hackers were able to gain access and alter financial systems, hack into research information, and to dig up personal data and information for students and staff.
John Chapman, Head of Jisc Security Operations Centre, said: “We are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment. Cyber-attacks are becoming more sophisticated and prevalent and universities can't afford to stand still in the face of this constantly evolving threat.”
By having inadequate cyber defences, universities run the risk of compromising both the personal data of students and staff and sensitive or confidential research materials. Universities accumulate a huge amount of data, both personal and professional, which makes them valuable targets for attacks. Stealing research and intellectual property can be used to gain what is perceived as an advantage over competitors and either developed or sold to make a profit.
After these tests, universities are reportedly working to improve their cyber security.