Ransomware has emerged as the largest cyber threat to colleges and universities, according to a new survey by Jisc.
The not-for-profit technology services provider to the sector said its fifth annual cyber security survey – completed by 93 universities and 61 colleges – also shows that record numbers of college and university leaders consider cyber security a strategic priority.
Against a background of a sharp increase in ransomware attacks against the tertiary education sector, the respondents identified ransomware as the top threat in 2021, up from second last year.
Phishing was ranked second and accidental data breaches – those down to human error – in third.
The increasing acceptance of the importance of cyber security was shown by 92% of further education (FE) and 86% of higher education (HE) respondents saying it is now a strategic priority for senior managers – up by 5% and 4% respectively compared to 2020.
Dr John Chapman, head of Janet policy and strategy at Jisc, said: “This is really encouraging and exactly the trend we want to see, but it’s still the case that not all colleges and universities are as well protected as they could be, which is concerning.
“The incidence of ransomware attacks against the sector has rocketed, with the same number of attacks in the first half of 2021 as in the whole of 2020, so we are pleased but not surprised that security is high on the agenda for the vast majority of Jisc members.
“Those organisations which do not take cyber security seriously probably won’t have the right processes and technical solutions in place to stop or mitigate an attack when it happens, and the impact could be devasting.”
The survey results suggest that steps are being taken to combat ransomware, including a sharp rise in the use of multi-factor authentication (MFA) - which can reduce the likelihood of a successful attack. Jisc advocates having it in place for all users and across all systems.
A total of 87% of HE and FE organisations have implemented it for some or all staff, up by 15% and 23% respectively on 2020. HE organisations deploying MFA for some or all students increased by 27% on 2020 to stand at 49%, while the numbers in FE are up by 3% to 13%.
Other highlights from the 2021 survey include:
- 41% of FE colleges reported no cyber security incidents within the last 12 months, compared to 37% of HE institutions.
- 73% of HE and 66% of FE organisations have implemented compulsory security awareness training for staff. This is broadly consistent with responses in 2020.
- The number of organisations reporting some form of cyber insurance also rose: 47% of HE and 72% of FE organisations have some form of cyber security cover, a rise of 6% for HE compared to 2020 and 12% for FE.
Image from iStock, Ostapenk Olena