Universities fighting prolific cyber threats with automation


Earlier this year, three UK universities were hit by a cyber attack that paralyzed campus IT systems, forcing students and staff to work from home. Reports linked the suspected distributed denial of service (DDoS) attacks at the University of Cambridge, the University of Manchester, and the University of Wolverhampton to Anonymous Sudan — a group protesting about events in the Middle East.

This was not an isolated incident. In 2023, data belonging to the University of the West of Scotland was ‘put up for auction by an extortion cybergang’ after a reported breach. While the motives behind both attacks may be different, the damage to the UK’s universities is immeasurable. And while there’s never a good time to be hit by a cyber attack, there are times when it can be catastrophic.

“Our business is seasonal, so we recruit most students during a specific window,” explained Mark Wantling, CIO at the University of Salford. “If an attack happened during the two-day clearing period, it could mean £30m a year in lost revenue for three years.”

Of course, the cybersecurity threats facing the UK’s education sector are well known. As institutions that handle vast amounts of personal information, research data, and intellectual property, they are a magnet for cyber criminals. In some cases, they are targeted for monetary gain. In other cases, they are the victims of state-sponsored attacks.

Kirk Bellerby, Education Lead at Tanium.

Whatever the motives, the results can be catastrophic

All of which points to one thing: Universities are big targets for those looking to cause maximum disruption either to score political points or to seek the greatest financial gain. Regardless, it’s down to the university cyber teams to ensure their IT estates are robustly defended. But it’s not easy.

“Without the right tools, universities are a challenging environment to defend — something which is compounded by the scale and complexity of their IT estate,” said John Couzins, Head of IT Security at Lancaster University.

“It’s not just the personal devices of staff, students and visitors that pose a risk. Anything and everything that can be plugged into a network — from printers and laptops to lab equipment, medical equipment and even particle colliders — is a potential entry point for hackers.

“Plus, many universities operate 24/7 with open access to libraries, computer labs and other areas making them difficult to police”.

Keeping universities safe is a complex challenge

Matters are made more complex because university campuses have such a high turnover of students each year, making education around cyber security awareness, ironically, all the more challenging. Faced with sustained threat levels, universities are constantly looking to beef up their systems and implement next-generation security to help keep their campuses safe.

One technology in particular — Autonomous Endpoint Management (AEM) — appears to be getting top marks. It combines the power of real-time endpoint protection management with artificial intelligence (AI) to create a platform that is even faster at delivering data and insights across millions of endpoints. Combining real-time data with AI represents a quantum leap forward for universities looking to mitigate risks, manage their environments, and remediate incidents before damage occurs.

Speaking of one such platform, Andy Powell, Deputy Director and CTO at Canterbury Christ Church University, calls it “the Swiss-army knife of cybersecurity.” According to Powell, “it works across our challenging hybrid cloud environment with thousands of connected student devices to keep us constantly secure and compliant”.

“The speed at which we can identify and plug vulnerabilities is remarkable and we’re proud of what it now enables us to do. As a lean team, all the data we need is available in real-time on one, simple interface, and the automated processes that allow you to be hands off and save weeks of time is a huge benefit,” he said.

Security teams need to be proactive

For those working with a small team, there are plenty of measures that can be taken to improve security. The first is to break down silos — particularly between departments — so that security staff have full visibility across all their distributed endpoints over a single pane of glass.

“This has completely changed the way our team works and operates,” said Wantling from the University of Salford. “Our operations and security teams now work on the same dashboard with the same metrics and the same objectives. They now share a single source of truth, which makes reporting infinitely easier and more impactful.”

Like their counterparts at many universities, Wantling and his team have also improved their risk assessment capability to identify, prioritize, and remediate access rights and dependencies. This makes it possible to instantly detect and shut down lateral movement.

But perhaps the biggest obstacle to improving security is changing the culture to one that takes security seriously. Such a change in mindset could include moving towards Zero Trust, a framework that assumes an organization's security is constantly at risk from internal and external threats.

The good news is that there is plenty of help available to tighten and strengthen security. For instance, the UK government’s Cyber Essentials framework is a priority for all British universities and requires IT teams to have thorough and efficient methods of ensuring compliance.

The guidelines are a critical component of helping the higher education sector avoid damaging cyberattacks and vulnerabilities. Not only does this emphasize keeping students safe, but it is also focused on protecting sensitive research data, which is so often a target.

With a constant target on their backs, universities need complete, real-time visibility of their IT environments to ensure the necessary level of defense against these attacks, or they risk becoming another high-profile victim of a cyber attack.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
