Many of the UK's biggest universities and colleges could be vulnerable to cyber attacks, after new penetration tests revealed it can take under two hours to gain access to sensitive data.
The simulated attacks, carried out by ethical hackers on behalf of Jisc, the agency providing internet services to the UK's universities and research centres, found that in every case, they were able to breach defences with ease.
More than 50 universities were targeted as part of the tests, with some being attacked repeatedly.
The hackers had a 100 per cent success rate, in some cases circumventing defences in under an hour. This allowed them to access data ranging from staff and students' personal information to financial systems and highly confidential research databases.
A range of techniques were used to try and gain access, with one of the most effective methods being 'spear phishing'. This is when users within the organisation are targeted with personalised messages that appear to be from someone the user knows, but actually aims to trick them into handing over login credentials or other valuable data, or delivering malware.
The tests could be a serious warning for universities and other research centres, as in the last year, more than 1,000 attempts to breach networks were reported, across more than 200 institutions.
John Chapman, head of Jisc's security operations centre, said the penetration tests highlighted the risk of a "disastrous data breach or network outage".
"Cyber-attacks are becoming more sophisticated and prevalent and universities can't afford to stand still in the face of this constantly evolving threat," he continued, adding that based on the results of the tests, "we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment".
Nick Hillman, director of the Higher Education Policy Institute thinktank, commented that UK universities have become tempting targets for hackers due to the wealth of valuable research data they hold. He added that "unscrupulous foreign governments" are particularly keen to gain access to this research, which is vital to the UK's future economic growth.
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.