Universities UK (UUK), Jisc, the digital and data body for tertiary education and research, and the National Cyber Security Centre (NCSC) have released new cyber security guidelines for senior leaders and technical teams in the higher education and research sectors.
The guidelines replace previous versions and outline the main cyber security threats facing the higher education (HE) sector, the impact of recent attacks against individual organisations, and sets out responsibilities in understanding and mitigating these risks.
The three stress that universities remain an attractive target to cyber criminals due to the personal data they hold, the potentially sensitive research and the size of their digital infrastructure. As a result, university IT leaders are encouraged to download the resource to better understand potential cyber threat landscape and help to not just prevent but hopefully even mitigate the impact of potentially devastating cyber incidents.
Issues covered:
- leader responsibilities
- current cyber security threats
- the impact of cyber attacks
- regulatory requirements
- minimising the risk of attacks
- mitigating the impact of attacks.
“Universities have made good progress in developing processes that manage security-related risks,” said Professor Paul Boyle, vice-chancellor of Swansea University and chair of Jisc.
“However, there is more to be done, and cyber security has never been more important [as] connectivity and digital technology now underpin almost all aspects of running a university or research centre. This makes the security of our networks, data and people crucial and as leaders, we are ultimately responsible.
“This guidance demonstrates the criticality of cyber security [and] reminds us that, because of the work we do and the data we hold, our sector remains an attractive target for all kinds of cyber criminals — from have-a-go opportunists to state-sponsored, highly organised groups.”
“An increasingly globalised higher education environment provides opportunities to people and institutions around the world every day,” added Jamie Arrowsmith, director of Universities UK International.
“Maintaining a robust and comprehensive cyber security framework is key to ensuring we can maximise these benefits and continue to see them grow in a safe and secure way. This guidance provides clear advice for senior leaders looking to ensure their institution’s cyber security is fit to meet this growing challenge. It outlines emerging risks and actionable remedies, as well as information on developing an open and collaborative institutional culture in addressing cyber threats.”
“We strongly encourage all senior leaders and technical teams from universities to follow the advice within the updated guidelines and take advantage of the NCSC’s tools and resources to increase their cyber resilience,” added Sarah Lyons, NCSC deputy director for economy and society resilience.
The new guidelines, which are supported by the University and College Information Security Association (UCISA), supersede a previous version issued in 2021 and are available to view and download from the Universities UK website here.
