Universities are at a high risk of cyber crime, with student data, personal information, and extremely valuable research causing education institutions to be prime targets of attack.
Universities often lack the resources to secure their data adequately, which poses another motivation behind attack. A recent study showed education and research were found to be the most attacked industry sector, seeing a 114% increase in the past two years.
75% of data breaches in the education sector occur at universities alone, while a third of UK universities have been hit with ransomware attacks over the past decade. Whilst most attacks were isolated incidents, Sheffield Hallam University reported 42 ransomware attacks since 2013.
The National Cyber Security Centre continuously warns of the rising cyber security threats to universities in the education sector, highlighting the importance of cyber security in universities and all higher education institutions.
Consequences of Cyber Attacks on Universities
87% of universities have experienced at least one successful cyber attack, while 43% have had student data attacked, including dissertation materials and exam results. Consequences may range from threats to students’ personal information, to IP loss and anti-competitive behaviour.
Reputational damage can be an irreversible consequence of attacks, or can lead to long-term repercussions which can be costly and resource-consuming to rectify - for instance, inevitable headlines flooding news outlets when attacks take place.
University league tables rank the best universities in the UK and act as a potentially crucial deciding factor for prospective students evaluating their available options. League tables monitor opinions of students in the course of study among other factors, and are therefore vital in universities upholding a positive reputation.
In the league tables following cyber attacks, it isn’t uncommon for universities to drop in the rankings. Of course, there are many factors for movements in university league table rankings, however, patterns in dropping after an attack showcase a negative effect that universities should avoid.
Universities estimate that cyber attacks (over the last 12 months) cost them upwards of £50,000 in financial losses. One university cyber attack led to a response team deployed for six weeks, equating to £65,000 worth of resources plus significant legal costs.
Other detrimental consequences include hefty fines from the Information Commissioner’s Office, alongside universities dropping in league tables and students claiming tuition fees back in the event of missed teaching.
In the event that university data does fall into the wrong hands as a result of a cyber attack, the consequences can be serious, including threats to national security, identity fraud, and financial crime.
The Organisation for Economic Co-operation and Development (OECD) said that online-only lessons would mark a failure by universities to offer value for money to students and could encourage more students to take less costly higher education courses such as the open university. In addition, this would risk affected universities being overtaken by more competitive digital providers.
Why Cyber Criminals Attack Education
Universities have always been at a higher risk of cyber crime, with personal information, student data and valuable research making them a prime target for cyber criminals. Higher education institutions are at heightened risk due to increased network activity and the general complexity of enabling hybrid learning.
Alongside this and the transition to digital learning in recent years, universities have become an ‘easy target’ as reported by the National Cyber Security Centre.
Considered an under-resourced sector, universities and higher education institutions are greatly vulnerable and must remain highly vigilant, ensuring cyber security practices are in place.
Human error is the biggest cause of security incidents, and tackling this is key to reducing attacks within the education sector. With students and university staff accessing websites with minimal restrictions, malware can easily find its way into university devices.
The lack of cyber awareness is another factor in educational cyber attacks, with only 80% of universities providing mandatory security awareness training for staff and only 8% of university students taking up basic cyber security awareness training.
Recent Cyber Attacks on Universities
In recent years, many universities across the UK have faced ransomware and cyber attacks, resulting in the cancellation of classes and students being unable to submit assignments and access their course materials. Universities affected by cyber attacks continuously work alongside local police and the NCSC (National Cyber Security Centre) to support investigations.
The NCSC recognises and supports the best in cyber security education for students and universities, by providing guidance to all educational bodies and through their NCSC Early Warning service that notifies organisations of malicious activity on submitted domains and IPs. When an educational institution is hit by a cyber attack, the NCSC work collaboratively with law enforcement, defence, the UK’s intelligence and security agencies and international partners.
University of Portsmouth Cyber Attack
In April of last year, Portsmouth University faced a ransom attack delaying the start of the new term. The Portsmouth University cyber attack saw several IT systems out of action for almost a month. As a result of the attack, the University of Portsmouth were forced to shut down the campus.
A notice on the Portsmouth University website read: “An ongoing technical disruption has affected some of our IT systems, which remain offline whilst we work with expert support to investigate the issue and securely restore these systems. We have taken the decision to close down many of our services in order to best protect our systems and information while the investigation is underway.”
Although it was never confirmed how the ransomware attack occurred, Portsmouth University is unaware of data being stolen. The university was closed for a total of 12 days.
In addition, the University of Portsmouth dropped 45 spaces on the university league table, in the same year the attack took place - dropping from position 21 in 2020, to 66 in 2021. The University of Portsmouth’s reputation continued into 2022, dropping into 75th position two years after the ransom attack. In 2022’s league table, the university has been ranked in 69th place.
University of Sunderland Cyber Attack
Shortly after the start of the first term in September 2021, the University of Sunderland fell victim to a suspected cyber attack causing significant IT issues.
As a result of the Sunderland University cyber attack, IT systems and services experienced extensive interruption, with the university website and telephone lines kept offline for several days. The disturbance also caused the cancellation of classes, with staff unable to access their emails. Consequences of the attack include the disruption of teaching efforts and difficulty accessing study resources.
Hackers could have gained access as the university dealt with the influx of new students during the busiest time of the year, paired with the university migrating to the cloud environment.
The University of Sunderland faced immense criticism from students that claimed paying £9,000 per year in tuition fees for online classes was a “waste” of money.
University of Hertfordshire Cyber Attack
The University of Hertfordshire experienced a cyber attack impacting all systems and blocking access to its cloud-based services, including MS Teams, Zoom and Canvas.
As a result of the Hertfordshire University cyber attack, all online classes were cancelled, with students and staff unable to use onsite or remote access to computer facilities. Students were also unable to submit assignments.
While there was no evidence to suggest that any data had been taken, the University of Hertfordshire dropped 13 places in the league tables in the year following the attack.
University of Northampton Cyber Attack
In March 2021, the University of Northampton was severely impacted after being hit by a cyber attack that interrupted services to its IT and telephone systems and servers.
The Northampton university cyber attack left students and staff unable to access the university’s internal systems, with the cancellation of online lessons and students given extensions for assignments.
The University of Northampton said those who carried out the attack had "no regard to the disruption to teaching and learning such attacks cause". It’s thought that the cyber attack was identified as a ransomware variant. However, this hasn’t been formally confirmed.
The University of Northampton dropped 11 spaces in league tables following the attack, showcasing the damages of the year after the attack unfolded. The university continued to drop a further eight places in the 2023 university league tables.
Building Security Layers in Universities
Educational institutions should adopt a 'defence-in-depth' approach, as advised by the NCSC, alongside an incident response plan to limit the consequences of malicious university cyber attacks and reduce downtime.
Training university staff and students with the information required to recognise (and react to) cyber threats will decrease the highest risk in causing breaches, with security awareness being the first line of defence. Knowing the financial and reputational risks of attacks proves the need to arm defences. Whilst awareness across the board should be a focus, building your cyber security team is vital to avert the risk of attack.
Whatever the case, university employees should be armed with cyber security awareness knowledge in order to prevent threats and reduce the implications in the educational sector.
As a common method of attack, universities have become a hunting ground for phishing scams. With over 560 training labs, TryHackMe has training catered to a plethora of cyber threats and patterns. Show your team how to analyse and defend against phishing emails through real-world phishing attempts using a variety of techniques with our phishing module, which covers the components of phshing, indictors of phishing scams, analysis, and defence.
Defensive teams should be able to monitor and investigate alerts around the clock and escalate security incidents when necessary, which our brand new SOC Level 1 Pathway guides your security team through. As offence is argued to be the best defence, offensive cyber security is invaluable for the cyber security positioning of educational institutions.
With red team exercises vital to detecting, preventing and remediating cyber threats, our Red Teaming Pathway upskills your team in challenging the defence capabilities, strengthening your cyber security standing.
Launch TryHackMe to help omit risk and the repercussions of breaches through bite-sized guided training.