top of page
Writer's pictureRachel Thompson

Further and higher education institutions suffer weekly cyber attacks

In the latest Cyber security breaches survey 2023, it was found that a whopping 85% of higher education organisations and 82% of further education institutions identified breaches or attacks. In 2023, it was reported that The University of Manchester suffered a data breach, with the attacker potentially gaining access to data from 40,000 students and 12,000 staff members. This attack may also have compromised millions of NHS patient records. They’re not alone in this though. Other institutions such as the University of Northampton, the University of Central Lancashire, Newcastle University, Oxford University College, University of Hertfordshire, and Portsmouth University have faced ransomware and cyber attacks in the past few years.


Higher risk for higher education


In fact, universities are at particular risk due to having very large attack surfaces for cyber criminals to exploit. An attack surface refers to the sum of vulnerabilities that a business or organisation has that can be used by hackers to gain access to steal data, compromise systems or lock users out. The attack surface is so large for universities because they have complex domain networks (including domains and sub-domains) which provide a huge number of potential entry points for threat actors. The smaller the attack surface, the safer the organisation is. 


Additionally, research and innovation happening at universities can place them firmly in the crosshairs. Gaining access to intellectual property, pioneering research and highly sensitive data makes them a target for attacks all across the UK. 


In the Cyber Security Breaches Survey 2023 by the Department for Science, Innovation and Technology, it is reported that further education and higher education institutions are more likely to experience breaches and attacks than schools, and to experience a wider range of attack types, such as impersonation, viruses or other malware, and denial of service attacks.


Further education risk is not insignificant


In the same survey by the Department for Science, Innovation and Technology, it was reported that 36 further education colleges suffered a breach in 2023 and that 31% experienced breaches or attacks at least weekly.


Despite these alarming figures, it’s encouraging that 70% of colleges have a governor or senior manager with responsibility for cyber security, which may be why these establishments have far more awareness of Government-led campaigns and initiatives that support their cyber security, compared to primary and secondary schools. 


The Cyber Security Breaches Survey 2023 also found that further education institutions were highly likely to have undertaken activities to identify cyber security risks. Also, 98% of colleges have completed risk assessments, penetration testing, audits and more.


Even with the most stringent of processes, there are still risks in the supply chain for further and higher education establishments. Some bigger institutions may have hundreds of different third party suppliers in their supply chain and it can be extraordinarily difficult to effectively mitigate risk across the entire supply chain. 


Identifying vulnerabilities


Whilst many further and higher education institutions have dedicated staff members with responsibility for cyber security, engaging with external bodies to conduct vulnerability assessments and audits as well as training for the wider staff can be highly beneficial.


The North West Cyber Resilience Centre is a police-backed, not for profit organisation that engages with North West businesses and education institutions to support them to be cyber resilient. 





Read more here about what we offer to our education members and partners and find free resources and guidance.

Comments


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.

 

Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.

 

This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page