Why cyber security should be top of every uni's priorities
Head of business and technology at the University of Gloucestershire, Prof Kamal Bechkoum, explains why new processes are needed
Posted by James Higgins | July 10, 2018 | Technology

Universities will never be 100% secure from online threats because no one is completely safe when it comes to cybersecurity.

Higher education institutions (HEIs) are increasingly the target of online attacks. Most recently, nine Iranians, said to be working for the Islamic Revolutionary Guard Corps, were accused of hacking the computers of 7,998 professors at 320 universities around the world over the last five years. The hackers reportedly stole 31.5 terabytes of data including scientific research, journals and dissertations.

A recent survey from Jisc of 22,000 students at the end of their courses found that 82% said digital skills were essential to their future careers, but fewer than half of the group felt they were well prepared for the digital workplace.

All of this suggests that universities must do better, both with their own cybersecurity efforts and in improving students’ future skills, which are vital for their employability.

Professor Bechkoum works for the University of Gloucestershire, which is spearheading efforts to develop a national HEI strategy for cyber security.

IT security is not a new challenge for universities but following the recent introduction of GDPR, it is expected that HEIs will become liable for data breaches. This could mean fines of up to 2% of overall revenue or €10 million, whichever is higher.

In 2016 the UK Government set out plans to commit £1.8bn to the National Cyber Security Strategy, working with organisations from the private sector, public agencies and academia to create a National Cyber Security Centre, a Cyber Innovation Centre, and an Institute of Coding.

I was privileged to meet the then Chancellor of the Exchequer, George Osborne, and be part of discussions which led to plans for creating a National Cyber Park in Cheltenham with the National Cyber Innovation Centre at the heart of it.

The University of Gloucestershire is now leading discussions with a select group of HEIs and businesses on the shape and form of this national park. The University is also one of 17 institutions helping its graduates develop skills in writing safe and secure software, as part of the newly set up Institute of Coding.

The way we all work, play and socialise has changed because of this new phenomenon, the ‘internet of things’. This shorthand term describes the online interconnection of computing devices embedded in everyday objects, from phones and fridges through to home thermostats and power stations. Within two years it is estimated that around 26 billion devices will be connected to the internet.

On average we create 2.5 quintillion bytes of data (that is one billion, billion bytes) every day. Add to this the fact that 46% of UK businesses have identified a cybersecurity threat and it becomes clear that this increased connectivity is challenging our cybersecurity in new and unexpected ways.

Organisations such as GCHQ can remain private, but universities are by nature open. They must remain an ‘open and accessible space for learning’ while at the same time keeping safe.

This is important because, while hackers may not be primarily interested in student or staff data, they definitely want access to partners’ sensitive information and to the high computing power possessed by universities, which criminals can use to mine cryptocurrency.

The ultimate answer to keeping our universities and businesses safe is to take the best precautions possible when it comes to infrastructure and people, and then be prepared to act if things go wrong.

It is worth keeping in mind that 95% of internal breaches are caused by human error. Training and education must be continuous as cybersecurity is a continuous process, not a single action. It has to be part of a university’s ongoing risk assessment.

The individual is our first line of defence, and we should all think of ourselves as human firewalls within our organisations. It is vital to make sure systems are updated regularly and to understand that security is a continuous process. Share good practice – your neighbour could be the weak link, so help them – and have a plan for when it all goes wrong.