The cyber threat to Universities

Overview

This document aims to assess the current cybersecurity threats faced by universities and academic institutions in the UK.

The content will be valuable to both academic and non-academic personnel, particularly senior leaders, university council members, and researchers.

We will evaluate the motivations behind attacks on the sector and the factors that contribute to their success, along with a forward-looking analysis of these threats.

The cybersecurity risks posed to the university sector must be viewed in the larger context of national threats to the UK, including recent attributions of malicious cyber activities by the government to state actors such as Russia, China, North Korea, and Iran, as well as ongoing threats from organized cybercrime.


Core Findings

1. The primary cybersecurity threats to UK universities include:

  • Criminal entities pursuing financial gains
  • Nation-states aiming to acquire personal data and intellectual property to gain strategic advantages

2. Cybercrime is likely to be the most visible and disruptive challenge for universities. However, state-sponsored espionage may produce more severe long-term damage.

3. The probable consequences of state-sponsored espionage include:

  • Devaluation of research, particularly in STEM fields
  • A reduction in investments from public and private sectors in affected universities
  • Harm to the UK’s intellectual edge

4. Increasing scrutiny or restrictions on foreign investments could lead to an escalation in cyber threats to universities as nation-states seek alternative methods to access sensitive information.


Assessing Likelihood

This assessment uses a probability scale for its evaluations and predictions. The likelihood terms used throughout correspond to established probability ranges.


Targets and Perpetrators of Attacks

Universities contribute significantly to the economy, skill development, and innovation in the UK. They manage substantial personal and research data, intellectual property, and other assets, all of which hold immense value for various entities.

State-sponsored actors are likely attempting to steal critical data for strategic benefits, while cybercriminals aim to commit fraud or profit from stolen information through sale or ransom.

Once access is gained, both types of attackers are likely to exploit resources such as compromised email accounts to expand their intrusion into university networks.

While cybercrime is more visible, state-sponsored espionage poses a more significant risk over the long term, especially for universities that prioritize research innovation and partnerships. Such threats not only jeopardize individual institutions but also the broader national interests.

Data of Interest

Types of data that nation-states may target include:

  • Emails
  • Bulk personal information on staff and students
  • Technical documents and standards
  • Sensitive research and intellectual property

This data is sought for various national needs, such as enhancing commercial advantages, advancing research capabilities, or military and security objectives. The loss of sensitive research can have debilitating effects on universities and the UK, reducing the value of research and hampering investment opportunities.


The Impact of Cybercrime

Cybercriminals often impact universities through broad, untargeted attacks.

An example is widespread ransomware, which disables systems and data until a ransom is paid. Such incidents have caused significant disruption at several UK universities.

Targeted attacks, although less common, can have more severe financial consequences. Impersonation attacks using spoofed or compromised email accounts have increased, leading to the unauthorized transfer of sensitive data or funds.


Factors Behind Successful Attacks

Universities are notably open and collaborative, facilitating communication and partnerships across borders, which unfortunately also simplifies attackers’ efforts.

Phishing

Phishing schemes often leverage publicly available information to identify and target individuals within the institution. This method relies on customizing messages to deceive staff or students into actions that benefit the attackers. Reports indicate that a significant majority of universities have experienced phishing attacks.

Phishing can result in fraudulent transactions, stolen login information, or the proliferation of malware throughout university networks.

Malware

Malware serves as a tool for both state-sponsored groups and cybercriminals to execute their operations.

Malicious software may facilitate information theft, grant the attacker prolonged access to systems, or render files and systems inaccessible until payment is made.


Counteracting Cyber Threats

Prioritizing People

Since phishing exploits human vulnerabilities, training staff and students on security awareness is crucial. However, high turnover rates in universities make sustaining this awareness challenging.

Access and Authentication

Ensuring that network access aligns with necessary roles, especially with a constantly changing user base, is critical for security. Many attackers seek to leverage legitimate credentials to infiltrate networks.

Implementing stringent access controls and partitioning sensitive research can deter attackers from acquiring vital data.

Network Configuration

Universities face the challenge of securing their networks while ensuring easy information sharing. Effective network architecture is vital.

Many university networks consist of smaller, private networks that serve specific faculties or functions, offering flexibility but complicating security measures. Without consistent oversight, these private networks may be susceptible to exploitation; however, they can also be fortified to protect critical data without impeding overall network access.


Looking Ahead

As UK universities undertake high-value research and develop significant intellectual property, they are likely to remain prime targets for state-sponsored espionage.

The continued success of state-sponsored activity suggests the threat will persist, particularly given past incidents attributed to Iran.

It is anticipated that state espionage will continue to pose the most substantial long-term risk to both universities and the UK. As foreign direct investment faces increased scrutiny, the cyber threat landscape may intensify, pushing attackers to seek alternative avenues for insight.

Cybercrime will likely keep affecting universities, either directly or as collateral damage. As cybercriminals' tactics evolve, spear-phishing and social engineering will remain prominent attack vectors, with ransomware a leading cause of significant disruption.

These attacks are expected to further damage affected universities, both reputationally and financially due to potential fines under data protection laws.

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/report/the-cyber-threat-to-universities
