Universities are taking cybersecurity more seriously than ever, the higher education IT organisation Jisc has said, as it announced results from its annual survey.
The fifth annual cybersecurity survey found that 86% of HE providers think the issue is a strategic priority for senior managers to tackle – the figure represents a four percentage point increase on the 2020 survey.
Ransomware, phishing and accidental data breaches caused by human error were ranked the first, second and third biggest threats to HE security by respondents. Cyber attacks on universities are not uncommon. Jisc revealed in July 2021 that it had received more reports of ransomware attacks in the first six months of the year than in the entire 12 months of 2020.
Earlier this year, the National Cyber Security Centre (NCSC) reported a marked increase in attempts by cybercriminals to breach university IT defences. It issued new guidance to institutions at the time. The survey suggests nearly half of UK universities surveyed (47%) have taken out cybersecurity insurance, a rise of 6%. Jisc puts the cost of recovering from a cyber attack at a conservative £2 million.
The survey suggests more is being done to combat ransomware, with more universities reporting the use of multi-factor authentication (MFA). Jisc said it “advocates having it in place for all users and across all systems”.
The incidence of ransomware attacks against the sector has rocketed, with the same number of attacks in the first half of 2021 as in the whole of 2020
– Dr John Chapman, Jisc
Eighty-seven per cent of universities are implementing MFA to some or all staff up by 15 percentage points on last year. More universities are using MFA for students, with the survey suggesting that almost twice as many universities are employing the security system with students than last year. Seventy-three per cent of universities have implemented compulsory security awareness training for staff, similar to the figure in 2020, but only 9% have run similar courses for students.
Dr John Chapman, head of Janet policy and strategy at Jisc, said: “This is really encouraging and exactly the trend we want to see, but it’s still the case that not all colleges and universities are as well protected as they could be, which is concerning.
“The incidence of ransomware attacks against the sector has rocketed, with the same number of attacks in the first half of 2021 as in the whole of 2020, so we are pleased but not surprised that security is high on the agenda for the vast majority of Jisc members.
“Those organisations which do not take cyber security seriously probably won’t have the right processes and technical solutions in place to stop or mitigate an attack when it happens, and the impact could be devastating.”