UK universities ‘hacked within 2 hours’

UK universities 'hacked within 2 hours'

Many of the UK's biggest universities and colleges could be vulnerable to cyber attacks, after new penetration tests revealed it can take under two hours to gain access to sensitive data.

The simulated attacks, carried out by ethical hackers on behalf of Jisc, the agency providing internet services to the UK's universities and research centres, found that in every case, they were able to breach defences with ease.

More than 50 universities were targeted as part of the tests, with some being attacked repeatedly.

The hackers had a 100 per cent success rate, in some cases circumventing defences in under an hour. This allowed them to access data ranging from staff and students' personal information to financial systems and highly confidential research databases.

A range of techniques were used to try and gain access, with one of the most effective methods being 'spear phishing'. This is when users within the organisation are targeted with personalised messages that appear to be from someone the user knows, but actually aims to trick them into handing over login credentials or other valuable data, or delivering malware.

The tests could be a serious warning for universities and other research centres, as in the last year, more than 1,000 attempts to breach networks were reported, across more than 200 institutions.

John Chapman, head of Jisc's security operations centre, said the penetration tests highlighted the risk of a "disastrous data breach or network outage".

"Cyber-attacks are becoming more sophisticated and prevalent and universities can't afford to stand still in the face of this constantly evolving threat," he continued, adding that based on the results of the tests, "we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment". 

Nick Hillman, director of the Higher Education Policy Institute thinktank, commented that UK universities have become tempting targets for hackers due to the wealth of valuable research data they hold. He added that "unscrupulous foreign governments" are particularly keen to gain access to this research, which is vital to the UK's future economic growth.