Further and higher education providers are increasing IT security as a result of Covid-19, according to Jisc, which provides technology services to the sector.
In a new report on the impact of cyber security incidents, the membership organisation says that some organisations have accelerated the introduction of multi-factor authentication and virtual private networks, given both the expansion of home working and attackers using scams specifically linked to the pandemic.
The report includes recent examples of the damage attacks can wreak. One university suffered a ‘password spraying’ attack, where commonly used passwords are used to attempt to access numerous accounts. It resulted in around 1,000 accounts compromised, almost all belonging to students, which took around 80 workingdays for IT staff to sort out.
The attack also led to phishing attacks on people at other universities and organisations. In April 2019, Jisc said that its own penetration testing of UK universities using phishing was 100% successful in gaining access to high value data within two hours.
The report also discusses a further education provider which suffered from a campaign of phishing attacks, where fraudsters attempt to disguise themselves as a trusted person or organisation to obtain information. This affected some 40 accounts and leading to costs ofabout £30,000 over 12 months.
Some attacks have a direct impact, with the same organisation also suffering a denial of service attack that hit online student exams. Across the sector, Jisc said that it saw more than 1,100 denial of service attacks targeting 236 of its members.
Another further education provider was the victim of a ransomware attack on results day in August 2020, shutting down systems including email and the student portal, significantly disrupting enrolment. “Today has been among the most challenging days in college history,” the unnamed organisation said in the report.
Jisc said it believes its members are becoming better prepared to deal with online attacks. But it adds: “Our work has concluded that it is a case, for all institutions,of when an incident or a breach will occur and not if one will occur.”
In September, the National Cyber Security Centre warned that criminals are increasingly targeting education providers with ransomware attackers and provided guidance on improving defences.
Image from NCSC, Open Government Licence v3.0
Amended on 24 November to show report on penetration testing was published in April 2019