Universities and colleges told to prepare for a wave of cyber attacks

A lecture hall filled with students using laptops

(Image credit: Shutterstock)

Universities and colleges are being warned of a rising number of cyber attacks that could threaten the start of term.

The alert from the National Cyber Security Centre (NCSC) follows an investigation into a recent spate of attacks on colleges and universities around the country, including ransomware attacks that disrupted Newcastle and Northumbria universities at the start of September.

What is ransomware? Hackers hold Newcastle Uni student data to ransom Six universities among those hit by Blackbaud ransomware attack

The NCSC is recommending that organisations implement a 'defence in depth' strategy to protect against the threat of malware. This approach recommends the use of a layered system of security measures with multiple defence mechanisms ready to step in if one is compromised.

Organisations are also being advised to implement an incident response plan, which should include a scenario for a ransomware attack that has been fully exercised.

"This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible," said Paul Chichester, director of operations at the NCSC.

"While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted."

RELATED RESOURCE

2020 email security strategy guide

A people-centric approach to stopping malware, phishing, and email fraud

FREE DOWNLOAD

The NCSC's investigation began in August, shortly after cloud service provider Blackbaud notified its customers that it had been hit by ransomware, a clientele that is mostly made up of non-profit organisations and education providers. A number of universities and colleges were reported to have lost data in the attack.

At the start of September, Northumbria University was forced to cancel exams and shut down its clearing hotline after a cyber attack. This was swiftly followed by a similar incident at Newcastle University, which forced a number of online support services offline.

Ahead of the new academic year, with students returning to universities and colleges under social distancing measures, the NCSC has issued a set of security recommendations. These include an effective vulnerability management and patching procedure, the use of multi-factor authentication, the scrapping of scripting environments and macros, and the installation of antivirus software to prevent phishing.

Bobby Hellard is IT Pro's reviews editor and has worked on Cloud Pro and Channel Pro since 2018.

In his time at IT Pro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognise him as the face of many of our video reviews of laptops and smartphones.

He has been a journalist for ten years, originally covering sports, before moving into business technology with IT Pro. He has bylines in The Independent, Vice and The Business Briefing.

Contact him at bobby.hellard@futurenet.com or find him on Twitter: @bobbyhellard