|Open, outward facing and collaborative equals more vulnerable!|
The NCSC’s threat assessment aims to raise awareness of state-sponsored espionage targeting high-value research, as well as the risk of financial losses at the hands of cyber criminals. While the NCSC has been working with the academic sector on an ongoing basis to improve security practices, this is the first threat assessment it has produced specifically for universities.
The assessment notes that while cyber criminals using methods such as phishing attacks and malware pose the most immediate, disruptive threat, the longer-term threat comes from nation states intent on stealing research for strategic gain.
To mitigate the risks, universities are encouraged to adopt security-conscious policies and access controls, as well as to ensure potentially sensitive or high-value research is separated rather than stored in one area.
Why are attacks against universities successful?
In both culture and technology, universities are one of the most open and outward facing sectors. This enables and eases collaboration between academics across borders, and is likely a key component of their success. Unfortunately, this also eases the task of an attacker.
Measures to support universities have been outlined in Trusted Research, from the Centre for the Protection of National Infrastructure (CPNI) and the NCSC, which offers accessible and actionable cyber security advice for university leaders, staff & researchers. The threat assessment for universities can be read here with a blog post also discussing the research in detail.