A test of UK university defences has revealed that hackers are able to break down walls and steal high value data within just two hours.
Perhaps most alarming is the fact that the favoured method of attack by hackers is ‘spear phishing’ emails, effectively email-spoofing that targets a specific organisation or individual, seeking unauthorised access to sensitive information.
It’s a stark wake-up call for universities, who deal in masses of personal data as well as highly-valuable commercial Intellectual Property, and a valuable reminder of just how important email security is when it comes to data protection.
Thankfully the recent hacks on university defences were part of a penetration test carried out by ethical hackers on behalf of ‘Jisc’, the agency which provides internet services to universities and research centres in the UK.
We applaud the project, which has allowed universities to look at their defences and make improvements before a real hack takes place. And at Beyond Encryption we too are big advocates of penetration testing.
Businesses are required to check their electrical appliances with PAT testing on a regular basis; so why shouldn’t we test our cyber security?
The penetration tests by Jisc were carried out on more than 50 universities in the UK, with some being attacked multiple times. It found that in every case, hackers were able to obtain high value data within just two hours. Information such as student and staff details was obtained as well as access to research databases and, more worryingly, the ability to override financial systems.
The fact that the hacks emanated from email reinforces comments from The National Cyber Security Centre, which told the BBC that most attacks on UK universities were related to phishing and attempts to gain entry for ransomware and malware.
So how can you protect yourself if you’re a university – or any other organisation for that matter?
Test your systems We’d encourage all businesses and organisations to consider penetration testing or, at the very least, a regular audit of their cyber security. You can only bolster your areas of weakness if you know where they are.
Use staff as your first line of defence The first line of defence is always to ensure staff are clued up on these types of scams and the warning signs. Hold regular training and teach them to look out for tell-tale signs of a scam, like poor grammar or hovering over the email address to check it’s the right one.
Guard your emails with the highest level of protection Sending an email without encryption is like walking out of your house without closing the door – a burglar can walk straight in. Sending an email with encryption is better, it’s like closing the door, but sending with our Mailock service is like closing the door and locking it behind you.
The system not only encrypts emails so hackers can’t penetrate them, but it also allows users to verify they’re opened by the intended recipient. It does this by allowing users to challenge the recipient’s identity before permitting access.
Beyond Encryption’s Mailock system is available to purchase for less than the cost of a cup of takeaway coffee per week. To find out more email firstname.lastname@example.org