Cyber threat to disrupt start of university term

  • Published
Students using computersImage source, Getty Images
Image caption,
Universities and colleges are facing a wave of cyber-attacks

Universities and colleges are being warned by the UK's cyber-security agency that rising numbers of cyber-attacks are threatening to disrupt the start of term.

The National Cyber Security Centre has issued an alert after a recent spike in attacks on educational institutions.

These have been "ransomware" incidents which block access to computer systems.

Paul Chichester, the NCSC's director of operations, says such attacks are "reprehensible".

The return to school, college and university, already facing problems with Covid-19, now faces an increased risk from cyber-attacks, which the security agency says could "de-rail their preparations for the new term".


The cyber-security body, part of the GCHQ intelligence agency, says attacks can have a "devastating impact" and take weeks or months to put right.

Newcastle University and Northumbria have both been targeted by cyber-attacks this month, and a group of further education colleges in Yorkshire and a higher education college in Lancashire faced attacks last month.

The warning from the NCSC follows a spate of ransomware attacks against academic institutions - in which malicious software or "malware" is used to lock out users from their own computer systems, paralysing online services, websites and phone networks.

The security agency says this is often followed by a ransom note demanding payment for the recovery of this frozen or stolen data - sometimes with the added threat of publicly releasing sensitive information.

Image source, Google
Image caption,
Newcastle University faced a cyber-attack this month

Universities have frequently been targets of cyber-attacks - with up to a thousand attacks per year in the UK.

Attacks can be attempts to obtain valuable research information that is commercially and politically sensitive. Universities also hold much personal data about students, staff and, in some cases, former students who might have made donations.

A Freedom of Information inquiry in July, carried out by the TopLine Comms digital public relations company, found 35 UK universities, out of 105 responses, had faced ransomware attacks over the past decade. There were 25 which had not had attacks - and a further 43 which declined to answer.

One university reported 42 separate ransomware attacks since 2013.

The warning from the NCSC highlights the vulnerability of online systems for remote working, as increased numbers of staff are working from home.

"Phishing" attacks, where people are tricked into clicking on a malicious link such as in an email, also remains a common pathway for such ransomware attempts, says the advice.

'Criminal targeting'

Mr Chichester of the NCSC says: "The criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible."

"I would strongly urge all academic institutions to take heed of our alert."

Universities UK says data security has had to become a priority for higher education - and that "protections are in place to manage threats as much as possible".

The universities body also says it is working with the NCSC to produce "robust guidance on cyber-security" which will be released later this academic year.