Redscan Archives - Security IT Summit | Forum Events Ltd

Posts Tagged: Redscan

50% of UK universities have reported data breaches in last 12 months

Stuart O'Brien

More than half of UK universities reported a data breach to the ICO in the last year, while 46% of all university staff received no security training and almost a quarter of institutions (24%) did not commission a penetration test from a third party. 

That’s according to research conducted by Redscan on the state of cyber security in the higher education sector, based on an analysis of Freedom of Information requests.

The National Cyber Security Centre (NCSC) itself says universities are targeted by criminals seeking financial gain, as well as by nation state attackers looking to steal intellectual property. The Redscan report underscores the degree to which universities are an attractive target. It also raises concerns that many may not be doing enough to defend against the latest threats, particularly at a time when institutions are embracing remote teaching en masse and conducting world-changing research in relation to COVID-19. 

Defending against an incessant stream of phishing attacks remains a challenge for all universities, says Redscan. Several institutions reported receiving millions of spam/phishing emails each year, with one reporting a high of 130 million. Phishing attempts were described as being “endless” and one university disclosed that attacks had increased by 50% since 2019.

Other key findings from the report include:

  • 54% of universities reported a data breach to the ICO in the last 12 months
  • A quarter of universities haven’t commissioned a pen test from an external provider in the last year
  • 46% of all university staff in the UK received no security training in the last year. One top Russell Group university has trained only 12% of its staff
  • Universities spend an average of £7,529 per year on security training, with expenditure ranging from £0 to £49,000
  • Universities employ, on average, three qualified cyber security professionals
  • 51% of universities are proactive in providing security training and information to students
  • 12% of universities do not offer any kind of security guidance, support or training at all to students
  • 66 out of 134 universities have Cyber Essentials or Cyber Essentials Plus certification

Redscan CTO, Mark Nicholls, said: “UK universities are among the most well-respected learning and research centres globally, yet our analysis highlights inconsistencies in the approach institutions are taking to protect their staff, students and intellectual property against the latest cyber threats. 

“The fact that such a large number of universities don’t deliver cyber security training to staff and students, nor commission independent penetration testing, is concerning. These are foundational elements of every security program and key to helping prevent data breaches. 

“Even at this time of intense budgetary pressure, institutions need to ensure that their cyber security teams receive the support they need to defend against sophisticated adversaries. Breaches have the potential to seriously impact organisations’ reputation and funding.” 

“The threat posed to universities by nation state attackers makes the need for improvements even more critical. The cost of failing to protect scientific research is immeasurable.” 

Redscan criticises new Government cybersecurity stats

Stuart O'Brien

Redscan has disputed the findings of the Department for Digital, Culture, Media and Sport’s latest Cyber Security Breaches Survey.

The firm has argued that response bias and the sample of participants make it impossible to fully trust the data.

The DCMS report found that the cost of breaches has gone up for the third year in a row and suggests that fewer breaches are taking place (due to businesses being more secure).

Redscan has taken issue with that conclusion, with CTO Mark Nicholls stating that while the Government’s latest cybersecurity survey figures provide some interesting insights, response bias of the participants means we should avoid drawing any firm conclusions.

He said: “The finding that many businesses can identify a data breach instantly, for instance, just doesn’t ring true. Interpreting the results is also clouded by the fact that half of organisations surveyed were micro businesses with fewer than 9 employees. 

“While the report suggests that cyber security is becoming a higher priority among businesses, evidenced by more senior management buy-in, businesses still struggle to properly assess the risks as well as identify and respond to breaches.

“Despite an increase in the cost of breaches, the figures are still surprisingly low – likely due to businesses self-reporting, as well as the fact that these numbers don’t consider hidden costs such as reputational damage.

“Nowhere near enough businesses have undertaken cyber risk assessments and less than a third made changes because of the GDPR’s introduction. These are very worrying statistics, no matter how you look at them. 

“The proportion of businesses identifying breaches or attacks (32%) is now lower than in 2018. The report suggests that this may be due to businesses being more secure, but many simply aren’t aware they’ve been breached. Attackers are getting stealthier and staying on the network undetected for longer. 

“As to the statistic that two thirds of businesses can identify a breach instantly, this is patently false. Real-world data from the ICO suggests it takes closer to 60 days on average.”