Skip to the content

Jisc moves to protect tertiary education from ransomware

19/12/22

Mark Say Managing Editor

Get UKAuthority News

Share

Skull and crossbones on computer screen
Image source: istock.com/Lumerb

Jisc is to move to protect universities and research bodies from ransomware attacks by blocking the access to its Janet network from outside the UK to the Remote Desktop Protocol (RDP) port 3389.

The membership organisation for technology services in the sector is planning to take the step in late March of next year based on evidence that this has been the route for at least half of major ransomware incidents in the sector since August 2020.

Only inbound traffic from known UK IP addresses will be allowed to proceed on RDP by default to Janet – the national network for higher education and research – as opposed to the current requirement to opt in.

RDP is a network communications protocol for users to access physical work desktops from other devices through client software. It is typically less secure than connecting via on-site computers because access is usually obtained using a username and password with no other authentication controls. This makes users vulnerable to malicious actors who use phishing or social engineering to gain log-in details and access to organisations’ internal systems. 

Devastating attacks

Jisc’s director of information security policy and governance, Dr John Chapman, said: “The use of ransomware against our sector and globally has ramped up over the past couple of years and some attacks against colleges and universities have been devastating.  

“Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cyber security incident.  

“Controlling access to a known attack vector will help protect the sector as a whole against this type of attack.” 

The change follows updates to Jisc’s cyber security policies for the higher and further education sectors earlier this year.

 

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.