weerapat1003 - stock.adobe.com

Hackers targeting UK universities a threat to national security

Poorly defended UK university research that is mainly commissioned by government is a top target for hackers, putting national security at risk, a study reveals, underlining the need for better cyber security

UK universities are continually under cyber attack, with a quarter reporting daily attacks. This presents an increasing risk to national security, with 93% of research commissioned by government and almost a third of that relating to national security, according to a study sponsored by VMware and Dell EMC.

The study of 68 UK universities with research programmes found they were struggling to keep research data safe, with hackers exploiting a lack of IT security investment to target scientific (54%), medical (50%), economic (37%) and defence (33%) research.

In light of this, and the threat research programmes are under, 10% of 75 senior IT leaders polled by Vanson Bourne research “strongly agree” that a successful attack could have a harmful impact on the lives of UK citizens.

Findings also show that nearly a quarter (24%) of UK universities polled believe their security and defence research may have already been infiltrated, while over half (53%) say a cyber attack on their institution has led to research ending up in foreign hands.

“British universities have long been celebrated around the world for their academic excellence, and the role they play in not only driving technological and social innovation through research, but also advances in defence and security,” said Louise Fellows, director, public sector UK and Ireland, at VMware.

“Keeping pace with today’s sophisticated cyber threats is an enormous challenge. Those responsible for protecting universities and the data they hold must examine how they can evolve practices and approaches in line with an increasingly complex threat landscape, including cyber security as a consideration at every stage of the research process by design,” she said.

Data breach could lead to serious financial loss

According to the study, research generates on average £22m per university polled, and is a key source of income for UK universities and their contribution to the UK economy. Protecting that income is vital, the study said, particularly when over half the respondents believe that a successful cyber attack on their research data could result in serious financial loss for their institution.

Despite an understanding of the financial consequences of successful breaches, and recognition of the obstacles faced to adequately address the cyber security challenge, the study found that almost half (49%) of the university IT leaders polled recognise that a lack of IT investment is driving the need for more robust cyber security practices.

“Universities must do more to protect themselves, and the sensitive information they hold, against the ever-expanding range of increasingly sophisticated threats”
John Chapman, Dell EMC

In the context of recent state-sponsored attacks targeting national secrets, the study said these findings highlight how an increase in universities’ cyber security spending is important, not only because of the high proportion of programmes commissioned by UK government sources, but also to safeguard the integrity of the research produced by higher education institutions.

John Chapman, chief information security officer, UK public sector at Dell EMC, said that in conducting research that may shape the future of the nation and its citizens, universities are under the microscope of some of the world’s most well-resourced and potent cyber attackers.

“We hope this study will encourage them to look critically at their cyber security readiness. Universities must do more to protect themselves, and the sensitive information they hold, against the ever-expanding range of increasingly sophisticated threats,” he said.

Research is treasure trove for cyber attackers

The higher education sector in the UK has long been a target for cyber criminals, tempted by the world-leading academic research that universities produce in sensitive areas such as medical and defence, according to Talal Rajab, head of programme, cyber and national security at TechUK.

“As the cyber threat evolves, and attacks become more sophisticated, it is imperative that universities invest heavily in their cyber defences and protect the professional and personal data of the 2.5 million students and staff learning and working in universities across the UK,” he said.

Despite a clear understanding among practitioners of the financial consequences of a successful breach, Rajab said investment levels remain relatively low. “This must change. Universities must invest in defensive measures, adapt to the ever-changing cyber threat and ensure that the profitability of their academic research remains protected,” he said.

However, the study quotes Matthew Storey, head of storage and virtualisation at Lancaster University, saying that the institution is already spending more time and resource focusing on the security of its systems.

“We take that responsibility seriously. We practice what we teach and seek to prevent, detect and be proactive with the use of technology to help look after the data we hold,” he said.

Read more about state-sponsored cyber attacks

Read more on Hackers and cybercrime prevention