More than 0 universities in the United Kingdom had their cyber-defenses tested by ethical hackers, and the ‘grades’ aren’t pretty

A team of ethical hackers recently conducted tests on the defenses of more than 50 universities in the United Kingdom. In each case, it took them less than two hours to gain access to “high-value ”.

This is according to The Higher Education Policy Institute (HEPI) and the non-profit Jisc, which provides digital services to academia in the UK.

Key to the 0-percent success rate of the simulated attacks was spear-phishing, a targeted form of phishing that involves sending a bespoke email to a well-researched prospective victim. These emails, where the sender pretends to be a trusted entity in a bid to convince the victim to open malicious attachments or visit websites, worked to the network of each participating university.

“Alarmingly, when using spear-phishing as part of its penetration testing service, Jisc has a 100-percent track record of gaining access to a higher education institution’s high-value data within two hours,” reads the report.

In some cases it took the white hats less than an hour to “reach student and staff personal information, override financial systems and access research databases”, said the BBC.

It is no wonder that are concerned. “We are not confident that all UK higher education providers are equipped with the adequate cybersecurity-related knowledge, skills and investment,” said John Chapman, head of Jisc’s Operations Centre.

According to the UK’s National Cyber Security Centre (NCSC), most actual attacks that target universities in the country are related to phishing and attempts to gain entry for ransomware and other , including with the aim of stealing sensitive research data and intellectual property.

Needless to say, besides the personal information of employees and students, universities hold staggering amounts of highly-valuable and commercially-sensitive research data.






Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here