Hackers breach university cyber protection in under two hours

Jisc tests reveal ‘potentially disastrous’ weaknesses in higher education data security

The head of Jisc’s security operations centre has called for urgent action after hackers broached universities’ cybersecurity in under two hours.

The HE internet service organisation conducted tests on 50 institutions to assess their cybersecurity systems. In every case hackers reached high-value data within two hours.

The 100 per cent success rate of the tests has raised serious questions about the security of personal data and highly sensitive research.

Jisc’s hackers reached student and staff personal information, financial systems and research databases.

The joint report from Jisc, which provides internet services to UK universities and research centres, and the Higher Education Policy Institute (HEPI) said it is “critical university leaders consider whether their cyber protection governance is sufficiently robust”.

Last year, Jisc registered a 12 per cent increase in the number of cybersecurity incidents reported to its Incident Response Team.

After the results were revealed, Dr John Chapman, head of Jisc’s security operations centre, said that action was needed “to avert a potentially disastrous data breach or network outage”.

“We are not confident that all UK universities are equipped with adequate cybersecurity knowledge, skills and investment,” Chapman said.

Prof David Maguire, chair of Jisc and vice-chancellor of the University of Greenwich, said: “Developing strong cybersecurity policies is vital not only to protect data but also to preserve the reputation of our university sector.”

Last year, the University of Greenwich was the first university to be fined under the Data Protection Act. It incurred a £120,000 penalty for holding data on an unsecured server.

Nick Hillman, director of HEPI, said: “Future UK economic growth is highly dependent on university research.” Following two large-scale attacks on UK universities in 2018 from Iranian and North Korean hackers, Hillman said it was clear there was a threat from “a few unscrupulous foreign governments”.

The report also made clear that striking a balance between openness and security was important for a sector that should prize both.


Got a news story for UB? Contact James Higgins on 0117 300 5526