Britain's universities are a globally-prized repository of research data, intellectual property and employ some of the world's foremost thinkers on a wide range of subjects. To wit, this makes them an obvious target for the world's cybercriminals, including those with political as well as commercial motivations. Universities also host hundreds of thousands of students and teachers, who must count as the most difficult network users imaginable because they are often workers and customers at the same time.
It is surprising that almost no effort has gone into finding out how well this vital sector has been coping with the cybercrime phenomenon. Recently, software firm VMware has had a stab at redressing this in a report that questioned senior IT people at 50 of the UK's universities, the results of which gives an interesting insight into the possible damage that is being done and the dilemmas faced by these institutions when defending themselves.
Computerworld UK is normally sceptical about vendor-driven surveys based on small sample sizes but in the case of universities, 50 institutions is roughly a third of the entire sector and offers a good number to start building a picture of what might be going on.
On some levels, VMware's findings are much as might be expected - universities are being aggressively targeted in much the same way as many other sectors in the UK and beyond. The study doesn't offer a lot of detail but does at least raise some larger and pertinent issues.
Students are the primary target: In terms of the volume of attacks, the main target for external hackers is students, although half of the university professionals also rated students as being a major risk in and of themselves. Most of this was down to ignorance of security risks and a cavalier attitude to online safety mixed with a small level of deliberately malicious behaviour.
Frequency of attacks: Nine out of ten universities admitted to having suffered at least one successful cyberattack (e.g. on students or theft of IP) with about the same number believing these to be increasing. A third of universities said these were now happening on an hourly basis.
Types of attack: Following on from this, slightly more than four in ten universities had experienced the loss of student data including dissertation materials and exam results, 25 percent had experienced the loss of IP while 28 percent reported that research data had been the main target.
Are universities defences up to the job? Universities are publically-funded and, in the UK at least, always short of money. Not surprisingly, two thirds said that their existing IT infrastructure was not up to the job, a quarter thought their datacentre was 'inadequate' while almost nine in ten believed more funding would be necessary to protect university IP going forward.
Sign up for Computerworld eNewsletters.