Overview
This document provides an assessment of the current cyber security risks faced by universities and academic institutions in the UK.
It serves as a valuable resource for both academic and non-academic staff, particularly for senior administrators, university council members, and those involved in research activities.
Within this report, we will examine the various entities targeting this sector and explore the potential success of their attacks. Additionally, we will look ahead to assess the evolving threat landscape.
The risks faced by the university sector are part of a larger context of threats to the UK overall. In recent years, the UK government has linked state-sponsored malicious cyber activities to nations such as Russia, China, North Korea, and Iran. Furthermore, organized cyber crime poses a significant and ongoing threat to the UK.
Essential Insights
1. The primary cyber threats to UK universities are likely to include:
- Criminals in pursuit of financial gain
- Nation states aiming to steal personal and intellectual data for strategic benefits
2. Cyber crime is expected to present the most visible and disruptive challenges for universities. Nevertheless, state-sponsored espionage is anticipated to cause more significant damage in the long term.
3. Consequences of state espionage may include:
- Decreased value of research, particularly in STEM fields
- Reduced investment from public and private sectors in affected institutions
- Harm to the UK’s intellectual advantage in research
4. If scrutiny or restrictions on foreign direct investments increase, it is plausible that cyber threats to universities will escalate, as state actors search for alternative methods to access sensitive research and intellectual properties.
Assessing the Likelihood of Threats
This report employs the PHIA probability scale for making evaluations and predictions.
Whenever we assess a situation, the terminology used reflects defined ranges of probability.
Motivations and Target Audience for Attacks
Universities are crucial to the economy, skills training, and innovation in the UK. They manage highly valuable personal and research data, intellectual property, and other essential assets.
It is highly probable that state-sponsored perpetrators are attempting to steal information for strategic advantages, while cyber criminals are aiming to commit fraud or monetize stolen content through various means.
Once access is established, both types of attacker are very likely to utilize compromised services, such as email accounts, to deepen their infiltration into university systems.
Despite the visibility of cyber crime as a threat, state-sponsored espionage is poised to inflict far-reaching and lasting harm. This is especially true for institutions focused on innovation and collaborative research. The ramifications of such attacks extend beyond individual universities to impact the UK’s broader interests and create opportunities for early publication.
Nation states likely prioritize universities due to the valuable information and data they possess, using cyber avenues as less traceable means to acquire intelligence otherwise inaccessible. Traditional methods of access, such as partnerships, student exchanges, or direct investments, may still be leveraged alongside cyber tactics.
Understanding and awareness concerning international collaborations and foreign funding vary among institutions, as does the level of scrutiny applied to investment opportunities.
Data of Interest to Nation States
The categories of information that attract attention from nation state actors may include:
- Email communications
- Bulk personal data of staff and students
- Technical documentation and standards
- Sensitive research and intellectual properties
The usage of such data can fulfill various state objectives, including providing commercial advantages to national enterprises and advancing comparable research initiatives.
Sensitive research can be targeted for defense or commercial benefits, making its loss potentially devastating for both the respective institution and the UK as a whole. Possible outcomes range from diminished value in research and intellectual properties to a decline in the university’s attractiveness as an investment collaborator, thereby adversely affecting the UK’s knowledge edge.
While espionage likely serves state objectives primarily, it can also inflict long-lasting damage on UK institutions.
The Rise of Cyber Crime
Cyber criminals often impact universities through widespread and untargeted attacks.
For instance, ransomware attacks lock systems and data, demanding ransom payments. Such incidents caused significant service disruptions at various UK universities in mid-2018.
Though less frequent, targeted attacks carried out by cyber criminals may result in even more severe financial repercussions. Spoofed or hacked email accounts impersonating a university’s partners or suppliers are increasingly prevalent, leading to the inadvertent transfer of sensitive data or funds to these criminals.
Factors Behind Successful Attacks on Universities
Due to their inherently open cultures and technological environments, universities facilitate collaboration across borders, which, while beneficial, also simplifies an attacker’s efforts.
Phishing Incidents
Attackers can easily gather information from university websites to identify individuals to target, find their contact details, and craft convincing communications. This facilitates phishing attacks, where tailored messages trick staff or students into unwittingly assisting attackers. Surveys reveal this common attack impacted seven out of ten universities in 2017.
Phishing efforts can lead to financial transfers to fraudulent parties, compromised login credentials, and the spread of malicious software within the university network.
Threat from Malware
Malware stands as a formidable tool for both state-sponsored and criminal entities.
This type of software can facilitate information theft, grant attackers sustained access to systems, or lock users out of their machines and data until payment is rendered.
Strategies for Defense
Emphasizing Human Factors
Phishing exploits human vulnerabilities; thus, promoting strong security awareness among staff and students is our primary line of defense. Maintaining this awareness presents a challenge due to the constant turnover of personnel.
Managing Access and Authentication
This turnover complicates the management of network access, which must be restricted to necessary personnel. Many cyber attackers aim to leverage authenticated user credentials for network navigation once they establish a foothold.
Implementing strict access controls and segmenting high-value research data can significantly reduce the possibility of theft or unauthorized access.
Designing Secure Networks
Universities face challenges in maintaining robust security while safeguarding ease of information sharing across diverse data types. The design of computer networks is critical in achieving this balance.
Many networks comprise smaller, private segments, each catering to specific faculties or labs. This flexibility poses risks, particularly when oversight is minimal, making them vulnerable to persistent threats or unauthorized access. However, these segmented approaches can facilitate separating sensitive data, allowing enhanced protection without encumbering the broader network’s accessibility.
Looking Ahead
As UK universities continue their cutting-edge research and generate significant intellectual properties, they will remain prime targets for state-sponsored espionage.
Such state-sponsored operations will persist as long as they prove effective and elicit few repercussions, as illustrated by numerous incidents attributed to Iran.
It is anticipated that state espionage will continue to pose the gravest long-term threat to both universities and the broader UK landscape. An increase in threats is plausible, coinciding with heightened investment restrictions.
Cyber crime will also persist in impacting universities, whether they are targeted directly or suffer collateral damage, regardless of their status or success.
While cyber criminal strategies evolve, it is predicted that spear-phishing and social engineering will remain dominant attack vectors. Ransomware is likely to be the primary disruptor for staff, students, and the institutions themselves.
These incidents may cause extensive damage to affected universities, impacting reputation and incurring fines under data protection laws.
Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities