Official cyber crime stats for the UK in 2018 show that 43 per cent of companies and 19 per cent of charities experienced a security breach or attack in the last 12 months, with 74 per cent and 53 per cent of businesses and charities respectively saying that security is a high priority for senior management at the moment.
However, while this is certainly heartening to hear, the report also revealed that just 27 per cent of companies and 21 per cent of charities have a formal cyber security policy or policies in place. And perhaps even more concerningly, 33 per cent of businesses said they had a policy like this in 2017 – so the percentage has dropped while the security risks have increased.
The conclusion was drawn that both businesses and charities must start to consider the culture of their organisation, with some continuing to see themselves as an offline group or too small to be at risk… despite having potential risk factors like using personal devices for work.
When it comes to universities, they are apparently continuously under attack, with new research revealing that a quarter of such establishments experience daily attacks, Computer Weekly reports.
One of the biggest concerns here is that so much research is carried out by universities, so there is an increased risk to national security – with 93 per cent of studies commissioned by government and nearly one-third of this relating to the topic of national security.
The VMware-sponsored study went on to reveal that that universities are struggling to keep data safe, with hackers taking advantage of a lack of investment in IT security to target scientific, medical, economic and defence research.
And even more concerningly, 24 per cent of universities in the UK said they think their security and defence research may already have been exposed, while 53 per cent admit that a cyber attack on their establishment has resulted in research ending up in foreign hands.
On average, research generates £22 million per university and it represents a big source of income for these organisations, as well as their contribution to the country’s economy.
It’s essential that this income is protected, especially when you take into account the fact that more than half the survey respondents think a successful attack on their research data could lead to serious financial loss for the university in question.
“As the cyber threat evolves, and attacks become more sophisticated, it is imperative that universities invest heavily in their cyber defences and protect the professional and personal data of the 2.5 million students and staff learning and working in universities across the UK,” head of programme, cyber and national security at TechUK Talal Rajab was quoted by the news source as saying.
He went on to add that investment levels in IT security is still relatively low among universities, saying: “This must change. Universities must invest in defensive measures, adapt to the ever-changing cyber threat and ensure that the profitability of their academic research remains protected.”
So what can universities do?
Testing your defences could be a wise move so you know exactly where your weak spots are and what vulnerabilities need to be addressed.
Interestingly, earlier this year 20 universities in the UK signed up to take part in a cyber attack scheme called Exercise Mercury, where organisations are paired off to spend a week attacking each other using an in-house team of staff and students to find issues with processes, procedures, policies, technology infrastructure and digital footprints.
Communications and cyber security expert Kieren Lovell explained that although the exercise is a fun one, the aim is to learn how universities can protect themselves against “hostile cyber actors”, as well as giving university security staff experience in ethical hacking.
The National Cyber Security Centre has also been working alongside Jisc, the digital services provider for academia, to help set up a more secure environment for universities – important since they’re responsible for their own cyber security.
The top three threats facing universities were identified as being phishing and social engineering, ransomware and malware, and a lack of awareness of accidents… so prioritising security in relation to these could well be a good move for those in charge of higher education facilities.
Phishing involves influencing someone to take the wrong course of action, whether it’s clicking a bad link or disclosing certain information. This can happen over text message, by phone, social media or by email – so training in this area would be wise.
Ransomware is another growing global cyber security threat that universities should be well aware of. Any organisation can be affected if they don’t have the right defences in place – and there are two types you’ll need to be aware of… one where the user’s screen is locked and the second where files are encrypted on a computer or network. Ransoms are often demanded in cryptocurrencies like Bitcoin.
But focusing on a lack of awareness and accidents that happen in-house is also important and it could be useful to have a look at the NCSC’s ten-step guide to cyber security. Tips include managing user privileges, incident management and establishment of an incident response and disaster recovery capability, setting up a monitoring strategy, and producing user security policies that cover acceptable and secure use of the systems that are in place.
If you need help with IT backup in London, get in touch with us here at Stellarise today to see what we can do for you and your organisation.