Cyber security has long been a challenge for universities, and demonstrating that you take it seriously is now a prerequisite of grant funding and government contract applications. The introduction of the EU General Data Protection Regulation (GDPR) has increased the importance of cyber security and data protection. However, many universities continue to leave themselves vulnerable, and the number of recorded cyber attacks has doubled in recent years.
Cyber criminals often use social engineering tricks to access and compromise systems, manipulating people into opening scam emails, downloading malicious files or visiting fraudulent websites. The impact can be catastrophic, but risks can be vastly reduced through staff and student awareness training.
Kieren Lovell, head of the University of Cambridge’s computer emergency response team (CERT), explains how easy it is to be duped by cyber criminals:
“At the university, we frequently see criminal hackers intercepting insecure emails before the recipient receives them. It is not unusual for people to receive attachments that have been altered, including payment details on PDF invoices, so that monies end up in the hacker’s account. Another trick is to send an email pretending to be a student asking for advice. The reader is misled into opening an attached CV or file which turns out to be malware. These criminals use nothing but trust to get into our systems and it is quick work for them.”
The government is working to reduce the level of cyber security risk along its supply chain and expects organisations applying for government contracts – including universities applying for research grants – to hold Cyber Essentials Plus certification.