Colleges and universities have been strongly urged to take the increasing threat of cyber attacks seriously, as students return to campuses across the UK.
The National Cyber Security Centre (NCSC), part of the GCHQ intelligence agency, issued the warning as the academic year gets underway across all levels of the education system.
There is serious concern that alongside the struggles that schools, colleges and universities are already facing due to the pandemic, cyber-attacks could “de-rail their preparations for the new term” according to experts.Paul Chichester, the NCSC’s director of operations, said: "The criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible.""I would strongly urge all academic institutions to take heed of our alert."
What prompted the warning?
The warning follows attacks on Newcastle and Northumbria universities in the last month, plus several further education colleges in Yorkshire and Lancashire in August.
There was also a high profile attack earlier this year, involving cloud computing supplier Blackbaud, which affected more than 20 organisations in the UK, US and Canada, including charities and universities.
Experts estimate that universities face up to a thousand cyber attacks per year in the UK, and the NCSC is particularly concerned that with many staff still working from home or remotely, they may be more vulnerable than usual.
What is a cyber attack?
Most of the attacks have been “ransomware” incidents, in which users are locked out of their computer systems and networks by malicious software, with online services, phone networks and websites all potentially affected.
Typically, these attacks are followed by a ransom note demanding payment to allow users to re-access their networks and data.This demand for payment is often accompanied with threats of the public release of sensitive data.
“Phishing” attacks, which rely on people clicking on harmful links in email or messaging platforms, are also a common style of cyber attack, which often lead to ransom demands.
The organisation which handles internet services for UK universities has backed the intervention, warning that the action must be taken to reduce the risk of attacks.
Universities UK says it is working on “robust guidance on cyber-security” with the NCSC which will be released later this academic year