From education to employment

Hackers target academic research at UK universities

John Chapman, Chief Information Security Officer, UK Public Sector, Dell EMC

University research programmes under threat from cyber attacks – Hackers exploit lack of IT investment to target scientific, medical, economic and defence research.

The Australian National University (ANU) has detected a cyber attack by a “sophisticated operator” on the college’s systems, providing data extending back 19 years.

Attacks on universities are by no means unique to Australia and are becoming a wider global trend, including in the UK.

The ANU hack has purportedly been undertaken by hackers based in China, following another internet security breach at the university last year which was tracked back to Beijing. These have concerns have been elevated by the fact that the ANU has close links to the Australian government and military – likely in the form of sensitive research data. This could include scientific, medical and defence research, amongst others.

In the context of these recent state-sponsored attacks targeting national secrets, a recent study by VMware and Dell EMC highlighted how cybersecurity in higher education is critical to Britain’s defences and national security as hackers target its research data.

The study of 68 UK universities with research programmes found:

  • In 93 percent of cases, research programmes have been commissioned directly by UK government sources, with almost a third of research in the interests of national security
  • One in 10 respondents ‘strongly agree’ a successful attack on their research could have a harmful impact on the lives of UK citizens
  • One in four believe their security and defence research may have already been infiltrated
  • And over half (53 percent) say a cyberattack on their institution has led to research ending up in foreign hands
  • A quarter of senior IT leaders surveyed at UK universities say their institution is targeted on a daily basis 

VMware and Dell EMC have revealed findings from a research study regarding the scale of the challenge UK universities are facing to keep their academic research safe, as cybercriminals target scientific (54 percent), medical (50 percent), economic (37 percent) and defence research (33 percent).

In 93 percent of cases, research programmes have been commissioned directly by UK government sources, with almost a third of respondents stating their research is in the interests of national security. In light of this, and the threat to which programmes are under, one in 10 strongly agree a successful attack could have a harmful impact on the lives of UK citizens.

Findings from the study also show that one in four (24 percent) UK universities believe their security and defence research may have already been infiltrated, while over half (53 percent) say a cyberattack on their institution has led to research ending up in foreign hands.

Louise Fellows, Director, Public Sector UK&I at VMware comments,

“British universities have long been celebrated around the world for their academic excellence, and the role they play in not only driving technological and social innovation through research, but also advances in defence and security. Keeping pace with today’s sophisticated cyber threats is an enormous challenge. Those responsible for protecting universities and the data that they hold must examine how they can evolve practices and approaches in line with an increasingly complex threat landscape, including cybersecurity as a consideration at every stage of the research process by design.”

Research generates on average £22m per university surveyed, and is a key source of income for UK universities and their contribution to the UK economy.

Protecting that income is vital, particularly when over half the respondents believe that a successful cyberattack on their research data could result in serious financial loss for their institution. Despite an understanding of the financial consequences of successful breaches, and recognition of the obstacles faced to adequately address the cyber security challenge, almost half (49 percent) of the university IT leaders recognise that a lack of IT investment is one of the forces driving the need for more robust cyber security practices.

In the context of recent state-sponsored attacks targeting national secrets, these findings highlight how an increase in universities’ cyber security spend is important, not only because of the high percentage of programmes commissioned by UK government sources, but also to the integrity of the research produced by higher education institutions.

John Chapman, Chief Information Security Officer, UK Public Sector, Dell EMC comments:

“In conducting research that may shape the future of the nation and its citizens, universities are under the microscope of some of the world’s most well-resourced and potent cyber attackers. We hope this study will encourage them to look critically at their cyber security readiness. Universities must do more to protect themselves, and the sensitive information they hold, against the ever-expanding range of increasingly sophisticated threats.”

About the research: This Vanson Bourne research study surveyed 75 senior IT leaders across 68 UK universities between November and December 2018.  VMware and Dell EMC sponsored the study. 

About VMware: Software that powers the world’s complex digital infrastructure. The company’s cloud, networking and security, and digital workspace offerings provide a dynamic and efficient digital foundation to over 500,000 customers globally, aided by an ecosystem of 75,000 partners. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough innovations to its global impact. 

About Dell EMC: Part of Dell Technologies, Dell EMC enables organizations to modernize, automate and transform their data center using industry-leading converged infrastructure, servers, storage and data protection technologies. This provides a trusted foundation for businesses to transform IT, through the creation of a hybrid cloud, and transform their business through the creation of cloud-native applications and big data solutions.

 


Related Articles

Responses