Universities' cyberdefences are under pressure
The threat level against educational institutions is alarmingly high
Therefore, it is necessary to step up and prevent cybercriminals from gaining access to research data and personal data.
"One of the threats that needs to be taken very seriously is insider threats. There is a lack of awareness of this threat, and it can be serious," said Henrik Larsen, Head of DKCERT, when he presented the company's Trend Report 21 on information security at DeiC's annual conference for researchers and teachers from higher education.
The cyber threat to universities
According to DKCERT's Trend Report 2021, the risk of cyber-espionage, cybercrime and insider threats to the Danish education and research sector is very high.
Read more about the Trend Report further down this page
Simple messages about cyberthreats
There is a broad consensus that employees in the education sector also need education about the cyber threat to universities.
Lis Kelså and Pernille Berg from Kelsa Media and the Humour Against Hacking awareness campaign spoke at the conference about behavioural research and what it takes to get employees interested in the topic:
"First of all, we present the messages in a simple and easy-to-understand way. This fits with what we know from cognitive science and behavioural research: this is the best way to remember important cybersecurity messages."
Worrying threat to universities
Universities are a highly attractive target for hackers because of the data they hold, but also because of their open nature with students, researchers, and administrative staff.
When DKCERT's Trend Report 2021 concludes that the risk of cyber espionage, cybercrime and insider threats to the Danish education and research sector is very high, it is partly because
- Valuable research data can fall into the wrong hands. It can become a national security issue - for example, in connection with Covid-19
- Employees and students risk becoming victims of ransomware attacks and unintentionally sharing confidential and sensitive information
- Licences for expensive research databases can be stolen and information from them can then be copied or resold.
Few sectors take on as many new people each year as education, further increasing vulnerability.
Universities are exposed to all types of attacks. These include phishing, malware, ransomware, espionage, CEO fraud and licence theft.
The threat has also increased because many university employees work from home. The number increased significantly during the corona crisis, and that trend continues. Many people still work from home for part of their working hours.
Working from home places additional demands on secure IT behaviour, and good habits need to be taken to the home office.
The recommendations for leaders and IT managers in the education sector are clear:
- Allocate resources for training and competence development of all employees in information security
- Support a culture where risk and security are considered from the start in the development of products and services, and where dialogue about information security is part of the security work.
- Restrict user privileges and keep devices up to date.
- Make backups of all data that needs to be protected and restrict access to critical data.
- Educate users about security risks and precautions.
While it may seem a bit bleak, there is hope!
By 2021, we'll be more aware of the cyber threat, which will have a positive impact on our security infrastructure, according to the report. New collaborations and tools are being developed, more funding is being made available, and more programmes, courses and learning platforms are being created.
The photos on this page are from DeiC's Annual Conference 2021, which was held at the Vingsted Conference Centre between Vejle and Billund.