Is the education sector facing cyber security risks?
In the US last week a hacker broke into the University of California’s computer system which contained 80,000 students. This apparently occurred in December whilst the university was in the process of patching a security flaw in their financial management system.
This followed a similar breach earlier this year at the University of Florida where private information of current and former employees were accessed going back to 1980. A lawsuit has been issued which is seeking a class action status. There was also criticism on how the breach was managed.
On this side of the Atlantic in December university students were unable to submit work as a result of the academic computer network called “Janet” coming up against a distributed denial of service (DDOS) attack causing reduced connectivity and disruption. The University of Manchester was one of the universities impacted by the DDOS attack.
Earlier, last year the University of London Computer Centre (ULCC) was hit by a cyber attack which again left millions of students unable to access the organisation’s IT services. The centre provides services to over 300 UK institutions and supports over two million higher education and further education students on its open-source learning platform Moodle.
The education sector accounted for nearly 10 per cent of all breaches in the past year, according to cyber security company Symantec.
Universities and colleges contain an abundance of personal data which makes them attractive to hackers, such as credit card details, medical information of current and former students and employees. This also becomes complicate to manage as students come from many different parts of the world bringing with them wide ranging data protection regulations.
Multiple Entry Points
The education sector traditionally provides multiple entry points with a huge spectrum of users having access to its networks. The access is also available 24/7 365 days a year via many devices that may not be secure such as laptops logging in from remote wi-fi locations.
Within the education framework social media features prominently and in the absence of social media policies with specific standards in place this can leave a university vulnerable in terms of the inadvertent sharing of information that may not be meant for the public domain.
A college or polytechnic may consist of a number of separate networks which may not contain a high level cyber security and therefore present a number of cyber security risks.
Certain establishments contain highly sensitive research information in the fields of science, health , defense and aerospace. This could make them a target for hackers and terrorist organisations.
Cyber Security Research
Cyber security research itself could also be a target with the Global Centre for Cyber Security Capacity building in Oxford University’s Martin School. A number of universities have been awarded Academic Centres for Excellence in Cyber Security Research, such as the Bristol and Kent Universities which means that they will work more closely with the Government Communications Headquarters (GCHQ).
Cyber liability insurance can play a very important role in supplying an extra layer of comfort in the event of a cyber attack to education establishments, providing coverage for a significant number of the potential cyber security risks that exist in this sector.