The key risk, in fact, two-fold. Primarily, it comes from ne’er-do-wells looking for financial gain via untargeted attacks; however, they do “have the potential for greater financial impact”, reports the cybersecurity agency.
In the meanwhile, though, the report sounds an alarm on a more silent threat, one that is “possibly to cause greater long-term harm” – state-sponsored attacks and surveillance. These infiltrations seek concerted strategic gain and are aimed at intellectual property theft institutions housed valuable research data and other assets, which is why they largely fall under cyber attacks.
From a technical perspective, attacks involving social engineering remain a staple. Indeed, a team of ethical hackers recently conducted simulated attacks at more than 50 universities in the UK and, in every case, got their hands on high-value data within two hours.
Every university should be aware that cybercriminals make money by thieving personal data and selling it on the black market to other criminals, who then turn the data into cash through a range of deceitful schemes. To cybercriminals, who are not interested in whose data they steal, these sources of personal data make an appealing target.
“Universities that do not adequately protect themselves risk the loss or exposure of personal information, staff data, institutional research data valuable to cybercriminals operating domestically and internationally,” the report said. Criminal gangs play a vital role in cyber-attacks particularly phishing attacks where malicious emails are used to fake the recipient into clicking through to a bogus website and entering a username and password.
The National Cyber Security Centre assessed with great precision that the Mabna Institute was almost certainly responsible for the operation targeting universities in the UK, US, and other Western countries.
To protect against incursions, the universities are being urged to ensure they have a range of basic measures including security-conscious policies and strict authentication and access controls, as well as making sure that university networks are crafted with security considerations in mind. Still, the primary line of defense is good security awareness among staff and students, as noted by the report.