e-Careers

Ethical Hackers Break Down UK University Defences

A decent nap. Watch a football match. Write this article.

That is a list of things I could accomplish in two hours. Hacking into a University’s cyber defences is not one of them, and I wouldn’t expect it to be that easy for anyone.

Surely the defences of an educational institution with millions of bits of sensitive data about students and research would be slightly better protected than that?

Apparently not.

This morning, reports were released that Ethical Hackers working for Jisc, the agency working to provide internet services to the UK’s universities and research networks, were able to access personal data, finance systems and research networks within two hours. Shockingly, some only took a single, solitary hour to be accessed.

These simulated attacks were carried out on more than 50 universities around the UK. This penetration testing method has worked; university research projects are a major target for Hackers, with more than 1,000 attacks being carried out in 2018 alone.

So, the idea was to identify the weaknesses in the systems, which the attack has done; the troubling issue is just how many weaknesses there are.

A report published by Jisc and the Higher Education Policy Institute showed a 100% success rate in getting through the cyber-defences. Something needs to change.

“Spear phishing” came out as the man of the match technique for the team of Ethical Hackers from Jisc.

Spear phishing is like phishing’s bigger, harder, tougher, trained in some form of martial art, older brother. Phishing will try to trick you with the lure of 500 million dollars from a country you’ve never been to going straight into your bank account. Spear phishing will use a trusted source to try and trick you instead.

The upgrade from normal phishing to spear phishing is an appropriate example of how cyber-attack methods have become more sophisticated. It is also an appropriate example to tell you why the next generation of cyber security specialists need to have the right knowledge and training to keep these attacks at bay.

At e-Careers, we offer a range of cyber security courses from Mile2, one of the world’s leading cyber security awarding bodies. Their courses have been endorsed and implemented by the likes of the FBI and the American National Security Agency. They offer the ideal platform for any current or aspiring cyber security professional to stop cyber-criminals from accessing networks and data, and with the rise in sophistication of cyber-attacks, the skills gap can’t be plugged soon enough – especially for the UK’s higher education system!