The UK’s National Cyber Security Centre has published a report warning UK universities that "state espionage will continue to pose the most significant threat to the long-term health of both universities and the UK itself".
It said that phishing attacks and malware pose the most immediate, disruptive threat, but the longer-term threat comes from nation states intent on stealing research for strategic gain.
The report said that academic institutions should "adopt security-conscious policies and access controls" to mitigate risks, "as well as to ensure potentially sensitive or high-value research is separated rather than stored in one area".
The assessment found that the open and outward-looking nature of the universities sector, while allowing collaboration across international borders, also eases the task of a cyber-attacker.
The report highlighted an example of this: an attack last year, attributed to Iranian actors, in which the attackers were able to steal their victims' credentials after directing them to fake university websites.
"The attack took place across 14 countries, including the UK, and many of the fake pages were linked to university library systems, indicating the actors’ appetite for this type of material," the report said.
The report added that many university networks contain a collection of smaller, private networks, providing close-knit services for faculties, laboratories and other functions. These private networks are likely more vulnerable to persistent infection or unauthorised access.
However, this same segregation offers an opportunity to separate high-value or sensitive data and information, and apply a higher level of protection, without impacting the openness of the wider network, the report said.
Sarah Lyons, deputy director for economy and society at the National Cyber Security Centre, said that the NCSC’s assessment helps universities "better understand the cyber-threats they may face as part of the global and open nature of research and what they can do about it using a Trusted Research approach".
"NCSC is working closely with the academic sector to ensure that, wherever the threat comes from, they are able to protect their research and their universities in cyber-space," she added.
The assessment also highlights the financial damage that cyber-attacks on UK universities can cause, citing previous figures from UK Finance which estimated that UK university losses from cyber-crime for the first half of 2018 were £145 million.
Corin Imai, senior security advisor at DomainTools, told SC Media UK that educational institutions are a notoriously ripe target for cyber-criminals, first and foremost for the valuable intellectual property stored on their servers, but also for the wealth of information that universities collect about their students and staff.
"The warning issued by the NCSC goes to show that steps are being taken at a governmental level to prepare educational institutions for the eventuality of an attack, and that a risk assessment has been conducted," he said.
Paul Edon, senior director technical sales and services (EMEA) at Tripwire, told SC Media UK that we have seen the effects that cyber-attacks can have on educational institutions, which is why it pays to make attackers' lives as difficult as possible.
"The only way to do this is to implement security and defence tools that we already know work, like perimeter protection tools such as firewalls, network segmentation to contain any threat discovered as well as vulnerability assessment solutions," he said.