Many of the UK's biggest universities and colleges could be vulnerable to cyber attacks, after new penetration tests revealed it can take under two hours to gain access to sensitive data.

The simulated attacks, carried out by ethical hackers on behalf of Jisc, the agency providing internet services to the UK's universities and research centres, found that in every case, they were able to breach defences with ease.

More than 50 universities were targeted as part of the tests, with some being attacked repeatedly.

The hackers had a 100 per cent success rate, in some cases circumventing defences in under an hour. This allowed them to access data ranging from staff and students' personal information to financial systems and highly confidential research databases.

A range of techniques were used to try and gain access, with one of the most effective methods being 'spear phishing'. This is when users within the organisation are targeted with personalised messages that appear to be from someone the user knows, but actually aims to trick them into handing over login credentials or other valuable data, or delivering malware.

The tests could be a serious warning for universities and other research centres, as in the last year, more than 1,000 attempts to breach networks were reported, across more than 200 institutions.

John Chapman, head of Jisc's security operations centre, said the penetration tests highlighted the risk of a "disastrous data breach or network outage".

"Cyber-attacks are becoming more sophisticated and prevalent and universities can't afford to stand still in the face of this constantly evolving threat," he continued, adding that based on the results of the tests, "we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment". 

Nick Hillman, director of the Higher Education Policy Institute thinktank, commented that UK universities have become tempting targets for hackers due to the wealth of valuable research data they hold. He added that "unscrupulous foreign governments" are particularly keen to gain access to this research, which is vital to the UK's future economic growth.

Share This Post, Choose Your Platform!

arrow logo

With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.

About Us

Case Studies

Case Studies