Safeguard student and staff data, maintain online learning environments, roll out and secure complex applications, patch key vulnerabilities and secure staff and student identities.
Connectivity and digital technology now underpin almost all aspects of running a higher education establishment, be that university, research centre, college, or conservatoire.
In recent months, cyber attacks on higher education providers have resulted in significant disruption to teaching and learning and to business-critical systems, sometimes for long periods of time. This has obvious implications for reputational damage, for the wellbeing of staff and students, and for a provider’s bottom line.
In the race to use technology to enhance learning, improve collaboration, and speed up research and development; the security of networks, data, and people within higher education has become absolutely vital. A robust cybersecurity posture cannot prevent a cyber attack, but it can significantly reduce the risk and minimise the impact, should the worst happen.
Within the UK, the total number of students in higher education was 2,862,620 in 2021/22, an increase of 4% from the previous year. 80,000 plus staff across both teaching and research were employed during the same period. Most recent figures from the Higher Education Statistics Agency (HESA) report that total income for the sector was £43.9 billion in 2020/2021, a clear proofpoint of the size and importance of this sector for the UK economy.
The UK’s university sector, in particular, is renowned for the quality of its research facilities, driving innovation across many sectors, including healthcare and technology, as well as government-funded programmes of national importance such as nuclear energy and defence. The combination of a sizeable digital infrastructure and its potentially sensitive research data has resulted in universities becoming an attractive target for cybercriminals.
Managing the digital identity of students, staff, and visitors has become a core tenet of cybersecurity within higher education establishments.
Half (50%) of higher education institutions participating in the government’s Cybersecurity Breaches Survey 2023, reported experiencing breaches or attacks at least weekly, with three-quarters (75%) of higher education institutions reporting they were negatively impacted regardless of whether there was a material outcome or not.
A recent report found that the UK’s top 30 universities are up to 50% more likely to have breached credentials than any other institution in the remaining top 100. London universities have breached more credentials than Scotland, Wales and Northern Ireland combined. That same report discovered 2.2 million breached credentials available on the dark web for the top 100 UK institutions, with 57% belonging to the 24 Russell Group universities.
Some of the most high-profile cybersecurity attacks and data breaches affecting the UK’s education sector include:
In March 2021, JISC published its Higher Education Strategy 2021–2024; Powering UK Higher Education. The not-for-profit digital agency that focuses on tertiary education, research, and innovation operates the Janet Network, the UK’s national research and education network (NREN), which provides a high-speed network that links the UK research and education community. The report champions the UK education sector’s digital achievements over the past few years, particularly with its innovative approach to online and blended learning. Like many sectors, organisations providing higher education facilities experienced a rapid shift to remote working during the pandemic, necessitating investment in new digital infrastructure to support distance learning and research.
Jisc highlights the growing global demand for education and the UK’s leadership in transnational education, with almost half a million international students taking up places between 2019 and 2020. As universities and higher education institutions push to better utilise data to deliver enhanced education services to more students in ever-expanding locations, effective digital infrastructure will be a cornerstone of investment for the sector over the coming years.
As the sector grows, so too will the volume and sophistication of cybersecurity threats facing these institutions. By nature, higher education institutions have broad attack surfaces, numerous potential points of entry for threat actors, and large user groups vulnerable to social engineering. The significance of the sector to the UK economy means that mitigation of the risks associated with digital transformation is non-negotiable.
All educational institutions are subject to a variety of regulations that govern the collection, use and protection of personal information. Compliance with these regulations is crucial for organisations in this sector to maintain trust among their staff and students and to avoid potential legal, financial, and reputational consequences associated with a data breach. Some of the key regulations that apply to the education sector include:
Cybersecurity will be high on every university’s risk register. The nature of the data education institutions hold—from staff and student personal information, to sensitive research information and intellectual property—places these organisations on the most wanted list for most, if not all, cyber threat actors.
Using BlueFort’s standards-based framework of continuous discovery, validation, and control, we are able to help educational organisations navigate the regulatory minefield with simplicity and confidence.
As your trusted cybersecurity partner, BlueFort provides the assurance and expertise to strike a harmonious balance between seemingly conflicting imperatives. We enable you to fortify your defences and foster continual innovation, all while maintaining the essential competitive edge that stems from steadfast security and compliance. Your security, your innovation, and your advantage—we’ve got you covered.
© Copyright BlueFort Security Ltd.