Cyber-attacks of a similar nature have been happening to universities across the country, and the fear of these attacks is growing now teaching has moved online.
A hacking group using DopelPaymer malware, which has been used to hack Nasa and Tesla, held Newcastle University to ransom at the start of September after disrupting its IT system, threatening to hold data on staff and students. The attack comes just weeks after a similar incident at Northumbria University and reports that Warwick University was hiding serious data breaches from staff and students this summer.
The attack at the University of Newcastle, which was named a centre of excellence for cybersecurity by the government in 2017, has not resulted in a delayed start to term despite fears of a major disruption in enrolling students. The investigation by the University is still ongoing and they are still unsure of the ramifications; their FAQ webpage states that they “have not yet found any evidence of any exfiltration of personal data as a result of this cyber incident”.
The extent of the issue for the sector is much wider than a few isolated incidents. A recent report by leading cybersecurity group Redscan revealed that in the last year, 54% of UK universities have had at least one data breach, with two institutions reporting six separate breaches of security. Another major issue is phishing, posing as a legitimate source in order to acquire data, with one institution reporting 130 million attempts.
With teaching being delivered remotely this year it is feared that cyber attacks will become more frequent. In response to the recent attacks, a spokesperson for the University of Glasgow told The Glasgow Guardian: “Information Services have responded to the advice from our partners and experience from other institutions to strengthen against the current attack vectors being used in the sector”.
The University spokesperson also stressed: “mandated Information Security Awareness training for all staff, this course is also available for students at https://www.gla.ac.uk/myglasgow/it/informationsecurity/awarenessmodule/ and contains useful information security advice”.
The University of Glasgow is also one of just 21 institutions in the UK with Cyber Essentials Plus accreditation, a government scheme backed by the National Cyber Security Centre, which means that an independent body ensures that the University meets the five requirements for essential cyber safety.