“Ethical” hackers from Jisc, a government-funded agency that aids universities with technological support, easily accessed “high-value” data in a recent test of universities’ cyber defenses, raising alarms that this sensitive information can easily be compromised.
Within the time frame given for the test, which was two hours, the hackers were able to penetrate 100% of the defenses and reach personal data belonging to students and faculty, the report said. In addition, the hackers were able to override universities’ financial systems and enter research databases.
Dr. John Chapman, who heads Jisc’s security and wrote the report, said it was “critical” for better defenses to be developed. Otherwise, universities would be exposed to “potentially disastrous” data breaches.
“Universities can’t afford to stand still in the face of this constantly evolving threat,” he said. “While the majority of higher education providers take this problem seriously, we are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills, and investment.”
The report was published along with the Higher Education Policy Institute (HEPI). Over the past year, the authors said, over 1,000 attacks were noted against no less than 241 institutes of higher learning in the U.K. last year.
Nick Hillman, the director of HEPI, said, “Universities hold masses of data on sensitive research, on the inventions of the future and on their staff and students, but some of it is not properly secured. The two main functions of universities are to teach and to research.
“Students like having their personal data used to improve teaching and learning,” he continued, “but this support is conditional and is unlikely to survive a really serious data breach. Meanwhile, future UK economic growth is highly dependent on university research. This provides valuable information that a few unscrupulous foreign governments are keen to access.”
Experts advocated for minimum cybersecurity requirements to be set by U.K. regulators.
David Maguire, who chairs Jisc and is also the vice-chancellor at the University of Greenwich, said that the “universities are absolutely reliant on connectivity to conduct almost all their functions, from administration and finance to teaching and research. These activities accrue a huge amount of data; this places a burden of responsibility on institutions, which must ensure the safety of online systems and the data held within them.”