In the latest Cyber security breaches survey 2023, it was found that a whopping 85% of higher education organisations and 82% of further education institutions identified breaches or attacks. In 2023, it was reported that The University of Manchester suffered a data breach, with the attacker potentially gaining access to data from 40,000 students and 12,000 staff members. This attack may also have compromised millions of NHS patient records. They’re not alone in this though. Other institutions such as the University of Northampton, the University of Central Lancashire, Newcastle University, Oxford University College, University of Hertfordshire, and Portsmouth University have faced ransomware and cyber attacks in the past few years.
Higher risk for higher education
In fact, universities are at particular risk due to having very large attack surfaces for cyber criminals to exploit. An attack surface refers to the sum of vulnerabilities that a business or organisation has that can be used by hackers to gain access to steal data, compromise systems or lock users out. The attack surface is so large for universities because they have complex domain networks (including domains and sub-domains) which provide a huge number of potential entry points for threat actors. The smaller the attack surface, the safer the organisation is.
Additionally, research and innovation happening at universities can place them firmly in the crosshairs. Gaining access to intellectual property, pioneering research and highly sensitive data makes them a target for attacks all across the UK.
In the Cyber Security Breaches Survey 2023 by the Department for Science, Innovation and Technology, it is reported that further education and higher education institutions are more likely to experience breaches and attacks than schools, and to experience a wider range of attack types, such as impersonation, viruses or other malware, and denial of service attacks.
Further education risk is not insignificant
In the same survey by the Department for Science, Innovation and Technology, it was reported that 36 further education colleges suffered a breach in 2023 and that 31% experienced breaches or attacks at least weekly.
Despite these alarming figures, it’s encouraging that 70% of colleges have a governor or senior manager with responsibility for cyber security, which may be why these establishments have far more awareness of Government-led campaigns and initiatives that support their cyber security, compared to primary and secondary schools.
The Cyber Security Breaches Survey 2023 also found that further education institutions were highly likely to have undertaken activities to identify cyber security risks. Also, 98% of colleges have completed risk assessments, penetration testing, audits and more.
Even with the most stringent of processes, there are still risks in the supply chain for further and higher education establishments. Some bigger institutions may have hundreds of different third party suppliers in their supply chain and it can be extraordinarily difficult to effectively mitigate risk across the entire supply chain.
Identifying vulnerabilities
Whilst many further and higher education institutions have dedicated staff members with responsibility for cyber security, engaging with external bodies to conduct vulnerability assessments and audits as well as training for the wider staff can be highly beneficial.
The North West Cyber Resilience Centre is a police-backed, not for profit organisation that engages with North West businesses and education institutions to support them to be cyber resilient.
Read more here about what we offer to our education members and partners and find free resources and guidance.
