Under attack: it’s time universities responded seriously to the worsening threat of cybercrime

The cost of cyberattacks on UK universities is rising. Universities have suffered hard over the past year, with cybercriminals causing extensive disruption to phone, website, and IT systems, leaving institutions scrambling to get students on-campus again after a post-pandemic switch to hybrid learning. Others have suffered network outages lasting days after ransomware locked-up systems, creating significant additional costs when said systems needed to be rebuilt.

And unfortunately, we can be certain that this threat will only get worse. Each year, for the past three years, the National Cyber Security Centre has reported an increase in ransomware attacks against schools, colleges, and universities.

Universities are in many ways uniquely vulnerable to cyberattacks. Legacy IT systems still dominate at many institutions, often meaning they won’t have access to the same software upgrades and security patches that protect cloud-based and other newer systems from attack. In many institutions we’re still seeing systems in use today that were first introduced as far back as the 1980s and 1990s.

These outdated and often incoherent systems create a constant headache. Not only can they make the university tech infrastructure remarkably inflexible (a problem thrown into stark relief during the Covid-19 pandemic), but, as they no longer support the latest security patches, they offer inadequate protection from data loss, and are vulnerable to viruses, malware, and other malicious attacks.

Despite being one of, if not the most, frequently attacked sectors above telecoms and defence, higher education spends only a fraction of the amount that other sectors can afford on cybersecurity. The nature of these institutions (highly distributed, extremely collegiate, with lots of autonomy and decision-making units) means that it can be hard to get buy-in when proposing to spend more money on system upgrades, better security, and more integrated technology. But the reality is that a lack of investment in tech infrastructure upgrades now will cost more in the long term when universities are inevitably hit with a cyber attack – not to mention the cumulative cost of inadequate systems on students.

For universities, it makes sense to look towards local councils and their ‘smart cities’ initiatives for insight and inspiration. They have found ways to save money, adapt and survive through the right technology investment, rather than by cutting costs through cheaper technology or extending systems past their shelf life to cut costs.

Switching to modern, intuitive Software as a Service (SaaS) makes it easier for university communities to collaborate and share better insight over integrated cloud-based business, student and research management systems. It also ensures better security and performance with less effort and overhead – meaning higher education institutions are more protected and internal resources can be better spent on true innovation, research, teaching and learning.

When security flaws are discovered in SaaS systems they can be immediately patched, and each new upgrade builds the defences further. For cash-strapped higher education institutions, these built-in defences can be a lifesaver, meaning they can avoid the costly ramifications of an attack, while eradicating the cost of spiralling IT maintenance costs needed to plaster over flaws in creaking legacy systems.

For example, a recent Cabinet Office report found that the UK government spends £2.3bn on patching up systems, some of which date back 30 years or more, warning that  between £13bn and £22bn could be spent over the next five years on obsolete systems unless they took action. While the figures for higher education will be different, I believe the spending trend could be very similar for universities, unless the problem is tackled.

That’s why at TechnologyOne we have lifted all our higher education and local authority SaaS customers to government strength cybersecurity protection, significantly surpassing the current security guidelines and government standards set for SaaS providers. In meeting the stringent Australian Federal Government IRAP security standard, all our UK University customers have protection surpassing that recommended in the UK National Cyber Security Centre principles and guidelines.

Whatever the short or longer term future holds, surviving in a competitive world requires resilience and mobility. Adequate protection and digital transformation doesn’t need to be costly. Delivered properly, SaaS can provide huge benefits, the least of which is reassurance that you are no longer left wide open to cyberattacks.

TechnologyOne has been helping higher education institutions in the UK, Australia and New Zealand to adapt to the changing education landscape and reduce administrative burden for more than 30 years.


Further reading