UK higher education is undergoing significant change, and as technology is central to most of it, institutions must be cognisant of the threat and impact of growing cyberattacks on universities in order to safeguard their operations and their students, and to protect the international reputation of the UK sector.
Many organisations invest in multiple layers of “intelligent” technical controls to detect and deter cyberattackers. Yet the reality is that the most successful attacks succeed because of human error.
There is a growing understanding that effective cyber-resilience is as much about people and their behaviours as it is about technology. Higher education institutions should be developing their blueprints for cyber-resilience with an increased focus on their people.
With the annual student turnover, a plethora of devices and flexible operating models across departments, faculties and colleges, it becomes very difficult for institutions to understand and address their critical risks and, from this month, their new General Data Protection Regulation compliance responsibilities.
Higher education institutions are made up of a highly diverse group of entities (departments, faculties, schools, colleges and central support functions) engaged in a wide range of activities. To develop a successful, balanced strategy, those on universities’ council, senate and executive committees and other governance bodies must consider and respond to the following key questions:
- Do we know what our critical information is, where it is and who has access to it?
- What are the most significant cyberthreats and what are our vulnerabilities to these threats?
- How would our institution be affected if those risks were realised?
- Do we have an incident recovery plan that’s regularly reviewed and tested?
- Do we have an institution-wide cyber-resilient culture that our people actively support?
- In considering these questions, institutions will be actively developing their roadmap for improvement in the face of growing cyberattacks that threaten their reputation and standing around the world.
Director, Innovative Quality Solutions
General manager, cyber-resilience