With cyber-attacks on colleges on the rise, the Department of Education has called on them to take responsibility for their own security.
Most colleges rely on cyber security provided by not-for-profit company, Jisc, which provides IT services and internet connectivity through the Janet network.
However, this reliance is now questionable with the Government slashing its funding to Jisc, which means the cost will be passed onto further education (FE) colleges from August next year to the tune of an average £20,000 a year with larger colleges facing bills of up to £100,000. In internet leased line delivery terms, the August date is more pressing than it sounds as it takes a minimum of three to deliver new services.
The cyber risk is substantial, as Jisc’s figures have revealed. There were, on average, 12 distributed denial of service (DDoS) attacks per week against colleges in the UK in the first three months of 2018, representing an increase of 27% compared with the same period last year, with twice as many colleges being hit.
A DDoS attack is when an online service – usually a website and other web-based services – is brought down or interrupted by being overwhelmed by traffic from multiple sources.
In fact, the Janet network suffered its own outage in 2015 due to a DDoS attack. This meant students and staff could not access external websites, email and submit assessments online.
Meanwhile, it has recently been revealed that Durham Sixth Form Centre paid ransomware hackers £1,500 in April last year when a computer virus encrypted college files, which contained students' work, in the run-up to their exams. A ransomware attack sees hackers lock data on a victim's computer, typically through encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim.
Whatever the threat, colleges will need to decide on whether they will continue to pay for Jisc’s services or look for alternative suppliers. The concern with the latter is that some providers may offer more competitive pricing but will not offer the same quality of security. However, there are providers who surpass the security currently offered on Jisc’s network. It will be the college’s responsibility to check they are well protected.
In an article on TES.com, a DfE spokesperson said: “Colleges must take responsibility for their own cyber security and ensure they have good measures in place to protect against online threats.”
My advice would be for colleges to use the next 12 months to investigate the options open to them so that can make an informed choice that will not leave them at risk. Education-focussed connectivity and security providers are available in the commercial marketplace. As a business with 35 years’ experience in the education sector, we have already migrated many colleges to our services and are talking to others.
As with any business, colleges cannot ignore cyber-attacks. Any commercial provider that offers connectivity but does not even mention security should be disregarded, but sifting through the providers to find one that suits your needs, could take time. Do not leave it too late.
If your college would like any advice on internet connectivity and cyber-security, please do not hesitate to contact me.