Newly published research suggests that a quarter of UK universities believe their research programmes may have been infiltrated, and more than half confirm that a cyber attack has led to research data ending up in foreign hands.
The 'University Challenge: Protecting research in higher education' report commissioned jointly by VMware and Dell EMC, studied how 68 UK universities that conduct research programmes combat cyber threats. The answer would appear to be "must try harder."
While scientific research (54 percent) was the most targeted data, medical (50 percent), economic (37 percent) and defence (33 percent) also featured highly on the attacker radar. Given that in 93 percent of cases those research programmes have been commissioned by UK government sources, and a third of those asked say the research had national security implications, the risk here is clear and obvious. Yet despite the research programmes generating an average of £22 million for each university, and half those asked agreeing that a successful breach could lead to "serious financial loss," 49 percent of the university IT leaders questioned admitted a lack of investment means they need better cyber-security. Indeed, the survey suggests that on average UK universities have a £7 million IT budget each, but only commit eight percent of this towards cyber-security. Of the average £22 million they earned
through research, only seven percent went towards data protection.
"Keeping pace with today’s sophisticated cyber-threats is an enormous challenge," Louise Fellows, director, public sector UK&I at VMware admits, adding "those responsible for protecting universities and the data that they hold must examine how they can evolve practices and approaches in line with an increasingly complex threat landscape, including cyber-security as a consideration at every stage of the research process by design."
SC Media UK asked Dr. Jonny Milliken, PhD who is manager of Threat Research at Alert Logic, that given these universities are home to have some of our finest brains and that research is generating a large income, why it is it that they are having so much trouble in securing their data? "Even the largest corporations and governments find it challenging to completely secure their systems,"
Dr. Milliken told us, "Universities tend to exhibit all of the risks of a large organisation but generally do not allocate appropriate levels of investment to support cyber-security and IT." Which, combined with the valuable nature of the data on offer, makes them particularly well targeted domains. "If only a quarter of universities think they’re being attacked daily," Dr. Milliken concludes, "then the other three quarters aren’t looking hard enough and need more insight into their threat surface..."
John Chapman, chief information security officer, UK Public Sector, at Dell EMC agrees that universities are under the microscope of some of the world’s most well-resourced and potent cyber attackers and that the study might encourage them to look more critically at their cybersecurity]readiness. He says, "Universities must do more to protect themselves and the sensitive information they hold against the ever-expanding range of increasingly sophisticated threats."