KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released its report on the state of cybersecurity in higher education institutions in the United Kingdom (UK). The report examines the risks of these cybersecurity attacks, the motivations behind them; and the lack of preparedness from the institutions.
British universities have become valuable targets for cybercriminals as they are often affiliated with notable international research institutes. The personal data available to be stolen through cyberattacks are far more valuable than phone numbers and credit card details that can be obtained through other attacks. Reports over the last couple of years have shown that higher education institutions in the UK are being aggressively targeted by cybercriminals. In fact, a 2023 survey conducted by the Department for Science, Innovation and Technology (DSIT) showed that all types of education institutions were more likely to have suffered a cyber security breach or attack than the average UK business.
Some startling facts highlighted and discussed in the report include:
- London universities have more breached credentials than Scotland, Wales and Northern Ireland combined. Of those, over half of breached credentials came from UK universities with research facilities.
- Some challenges faced by higher education institutions are high turnover in an increasingly casual workforce, onboarding thousands of new students every year in a short period of time and budgetary constraints leading to unintended deprioritisation of protection of high value intellectual property.
- According to the 2023 survey by DSIT, only half of further and higher education institutions have a cybersecurity strategy.
- Phishing attacks are the most common type of breach, followed by online impersonation, then viruses, spyware or malware.
The report makes it clear that cybersecurity remains a challenge to higher education institutions in the UK as well as one that involves reviewing current processes and the security culture that they promote both internally and externally.
“It’s a terrifying thought that only about half of higher education institutions in the UK have a strategy for safeguarding against cyber attacks,” said Javvad Malik, lead security awareness advocate at KnowBe4. “Phishing attacks in particular remain the most common tactic used by cybercriminals, making it more important than ever for institutions to strengthen their human firewall through security awareness training and to foster a robust security culture underpinned by a strong, comprehensive security programme.”
To download a copy of KnowBe4’s report on the state of cybersecurity in higher education institutions in the UK, click here.