UK universities 'losing cyber security battle'

More than a third of UK universities are hit by a successful cyber attack every hour, according to a study that raises questions about institutions’ ability to cope with the rising tide of hacking.

A survey of IT leaders at 50 UK universities found that almost all – 87 per cent – had experienced at least one successful cyber attack, such as the distributed denial of service attack that brought down the nationwide JANET network four months ago.

But what was striking was the reported frequency of the violations, with 36 per cent of respondents saying that they had to contend with a successful cyber attack every hour.

Such attacks can leave staff, students and institutions’ economic interests highly vulnerable. Forty-three per cent of respondents said that hackers had targeted student data, including dissertation material and exam results, while a quarter had experienced intellectual property theft and had had research data infiltrated.

The survey, conducted by market research firm Vanson Bourne for cloud security developer VMware, underlined what is at stake in a cyber breach.

Seventy-nine per cent of respondents said their institution had experienced reputational damage as a result of a cyber attack, while 74 per cent said that they had had to halt a research project because of infiltration.

In a reflection of the sensitivity of the research being conducted in some higher education institutions, 77 per cent said that a security breach had the potential to impact national security.

The challenge is likely to increase in seriousness, with 83 per cent of IT staff who responded saying they believed that cyber attacks were increasing in frequency and sophistication.

But two-thirds of respondents (64 per cent) said that they did not believe that their university’s existing IT infrastructure would protect it against cyber attacks over the next 12 to 18 months.

And 85 per cent said that more funding must be given to IT security to protect intellectual property.

Tim Hearn, director of UK government and public services at VMware, said that the level of cyber threat that emerged from the survey was “quite a surprise”, and warned that universities risked “falling behind” on IT security.

However, he acknowledged that the “unique cultural environment” of higher education meant that a careful balance had to be struck.

“A university is there to provide an open and collaborative environment that allows people to learn by communicating with each other, so historically a university’s IT architecture has been based on an open environment with very little restriction on access to information and who you can communicate with,” he said. “Universities don’t want to lose that collaborative nature, because that is what stimulates learning, but at the same time they have got to cope with this increasing cyber threat.”

Mr Hearn said that universities needed to place the same level of importance on keeping research and student data secure as companies did on protecting customer information.

Another area in which the higher education sector should follow business’ lead is in making cyber security a priority at executive management team level, he said.

chris.havergal@tesglobal.com