Lancaster University Data Breach - Comment from Webroot
July 2019 by Kelvin Murray, Senior Threat Researcher, Webroot
Following the news that students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University, Kelvin Murray, Senior Threat Researcher at Webroot, has provided comment on what educational institutions can do to mitigate the threat of a data breach, as well as highlighting the importance of university data and why it must be kept secure.
“Educational organisations continue to be targets for cyberattacks. Unfortunately, the sprawling nature of a college – with all their separate faculties and facilities – and the inevitable movement of data between departments makes IT admin and security difficult to implement and maintain. Additionally, universities contain a wealth of valuable intellectual property which can be valuable to hackers, especially those acting on behalf of governments.
“In this instance only a small number of students were affected, but the number could have been much higher. Phishing attacks are only becoming more sophisticated and targeted, and it only takes one click to put an entire network at risk. To mitigate future attacks, IT teams must properly audit all machines connected to their networks and the data they hold. Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinising the types of emails they receive. This should be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and sensible password policies.”