• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Cybersecurity for everyone

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Email / DMARC / Universities: rich in knowledge and ripe for cyberattacks

Universities: rich in knowledge and ripe for cyberattacks

by Clare Holmes
October 22, 2019January 15, 2020Filed under:
  • DMARC
  • Email

The latest research into the state of cybersecurity defences across universities in the UK show some dismal stats. A quarter of universities report daily attacks meaning students, staff and suppliers to these institutions risk data and monetary theft. 

With freshers week a bleary, distant memory, and the autumn semester in full swing, criminals will be busy executing their carefully planned attacks on their unlucky targets – from first-year students navigating student loan forms, to international students querying the impact of Brexit. If you manage anything online, you’re fair game. 

But given the destitute reputation of students, and the under-funded institutions, why don’t criminals switch focus to more lucrative organisations in finance, defence or legal sectors where the payloads are so much higher?

Why target universities?

The most recent figures we could get our hands on suggested the UK university sector contributed £21.5 billion to the national economy. It’s worth more than you thought, right? Not only do universities bring money into our economy from international students, but many have vital roles in the country’s research posture, which in itself is worth a cool £22 million per university. 

And that statistic right there is one of the biggest draws to compromising a university’s cybersecurity defences – 93 percent of the research conducted at UK universities is commissioned by the government making the nature of that research a point of interest for state-sponsored actors as well as cybercriminals on home soil. We can also assume that some of that research relates to national security making those research departments a rich source of valuable data. 

So with personal data, intellectual property and numerous income streams, universities need to be certain they’re defending all points of entry into their networks. 

The weakest link? 

As with any type of organisation, universities need to ensure they’re protecting critical data and systems. One easy to ignore point of entry is email – most IT teams will reassure you that they have the latest and greatest email gateway protection, but what many IT professionals with decades’ experience under their belts fail to realise is that even the tightest email gateway protection will be powerless against emails that purport to come from a legitimate source. 

Imagine you’re a research doctor, PhD after your name on your lab door – you’ve been working on government-backed projects, and the data you manage is GCHQ-level confidential. A colleague sends you an email asking for some of your research to be sent to them – it’s all very last minute and very urgent and you haven’t got time to question it so you attach the files to the email and you hit ‘send’. It’s after your Vice Chancellor has been on the phone to your government research sponsor that you find out you’ve had a data breach of gargantuan proportions. How? A criminal impersonated your university’s domain and sent you an email that you believed to be real. 

It doesn’t take a degree… 

Only one form of email defence can stamp out these types of phishing attacks. DMARC (Domain-based Message Authentication, Reporting & Conformance) ensures that emails are authenticated before they come anywhere near your mailbox and confirms that they have been sent from legitimate sources, blocking impersonated emails from reaching your spam or inbox. 

Given DMARC is a government-backed tool, you’d assume most higher education institutions would have it in place to protect its students, staff, visitors and partners. So we checked. We analysed the DMARC records of 172 higher education institutions in the UK, and found that 63 percent of universities didn’t have the protocol in place and were inadvertently putting users at risk of email fraud. The only positive news we took from this research is that we had also conducted the same analysis back in 2017, when only 13 percent of the same institutions were using DMARC. 

The long-term damage from a breach goes beyond losing student funds or confidential data. It severely impacts the organisation’s reputation – in the case of a university, this could lead to a major drop in funding, or stagnation in research, or worse still, state-sponsored attacks on related government agencies. 

If you want to find out more about the threat of cyberattacks in the education sector, the NCSC has recently published this report. And we’re a friendly bunch here too, so drop us a note to see if we can help you navigate your email impersonation woes at contact@redsift.com.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • cyber attack
  • email security
  • university

Post navigation

Previous Post Byline: Lawyer Checker – Currently, only around 10% of the top 100 law firms use DMARC at its top protective ‘reject’ setting.
Next Post Byline: SME Technology Guide – How to get your small business cyber secure

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Uncategorized
  • Work at Red Sift
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2022 · Milan Pro on Genesis Framework · WordPress · Log in