With a recent security analysis of cyber-attacks against universities and colleges in the UK has discovered that staff or students could be responsible, Dr Guy Bunker, SVP of Products at data security company, Clearswift commented below. Guy reveals why the insider is a major threat to organisations and what universities and similar bodies can do to mitigate the risk, including promoting cybersecurity as a career choice.
Dr Guy Bunker, SVP of Products at Clearswift:
“It’s very easy in this day and age to immediately jump to the conclusion that external cybercriminals are responsible for cyber-attacks and breaches, despite research indicating that most attacks come from inside the organisation. In this instance, this appears to be the case, with the pattern of attacks being linked to term time and during the day (no doubt students have better things to do in the evenings!) Add to this, that students see the educational network they are on as a ‘safe’ place to carry out their early forays into cyber-attacks, ‘I wonder if we can…’ being a common attitude. As with any cyber-attack, organisations need to be prepared, monitoring networks for anomalous behaviour and then tracking down the source. The monitoring needs to happen on the gateways to the Internet as well as internal networks, as this will cover both eventualities of an external attack as well as an internal one.
“There are a number of alternative scenarios to be considered here too. It could be that an external cyber-criminal has gained access to legitimate credentials – such as usernames or passwords – in order to launch an attack inside. In this case, monitoring then needs to extend to the time/day of logins as well. Going about an attack in this way, there is a considerable amount of information that can be gathered, which then creates the resource issue for the university of correlating and then analysing data to figure out what to do next. It could also be that student devices, laptops, smart phones, tablet, can also become infected with malware because of IoT and cause issues when connecting to the network. This reiterates why the need for a segregated network for ‘uncontrolled’ devices is essential. It also becomes even more important to put strong defences around research which could be targeted by external cyber-criminals.
“We are short of cyber security experts in the UK (and across Europe and the world), so it would be ideal if the internal students who are doing these things could be encouraged to put their skills to better use and potentially a career in cybersecurity. There are a number of great national initiatives, such as the Cyber Security Challenge, but it is also possible for universities to arrange local events, hackathon, etc to encourage participation. Educating people on how to cyber-attack an academic networks is a bad idea – but encouraging people with the skills to become ‘white hats’ is a way to start to close the skills gap. For those who are truly being malicious, there is a need to find them and take appropriate actions, but this isn’t easy. Putting in place appropriate monitoring will help, but perhaps an amnesty with a constructive programme of education and training might work better in this instance for the majority.”