The Severity of Cyber Attacks on Education and Research Institutions: A function of their security posture

Research output: Chapter in Book/Report/Conference proceedingConference proceeding

1 Citation (Scopus)

Abstract

In recent years, all aspects of human life have become more and more dependent on the internet. This level of growing dependency for all purposes has led to a considerable number of cybercrimes resulting in innovative and dynamic attacks. Universities in recent years have not been immune to these incidents and Higher Education (HE) institutions are increasingly prone to cyberattacks as threat actors target the wealth of personal, financial, research and intellectual data universities possess. Although a lot of research has been undertaken on the impact of security breaches or incidents across a wide range of industries, there is limited literature on incidents affecting universities. Often, cyber security is regarded as the domain of IT specialists, with senior management and organisations not fully equipped to deal with the risks and attacks. It is becoming increasingly important to acknowledge that cyber security is not limited to the IT department but needs to be managed across an entire organisation. By analysing data previously collected by the Cyber Security Division of Jisc - the organisation that provides digital solutions for UK education and research, this research explores the cyber security of HE institutions. The original data set was complemented with network data from Jisc’s Janet network, including Denial of Service attack data, and from open source data from web searches and published university league tables and other UK status rankings. The quantitative analysis of the data allowed for the understanding of the challenges universities face and the factors that impact the severity of cyberattacks within the institutions. This research aims to determine if the posture of a university i.e. managerial, organisational and strategic aspects of an institution has an impact on the cyberattacks. It investigates the type and severity of attacks or breaches at institutions and whether there is a difference in number or severity if they have an information security certification. It further explores the institutional spend on security controls and evaluates the structure of the security team versus severity of attacks/breaches.

Original languageEnglish
Title of host publicationThe Severity of Cyber Attacks on Education and Research Institutions: Function of their Security Posture
Subtitle of host publication13th International Conference on Cyber Warfare and Security
EditorsJim Q. Chen, John S. Hurley
PublisherAcademic Conferences and Publishing International Limited
Pages111-119
Number of pages9
Volume2018-March
ISBN (Print)9781911218746, 9781911218739
Publication statusPublished - 1 Jan 2018
Event13th International Conference on Cyber Warfare and Security, ICCWS 2018 - Washington, United States
Duration: 8 Mar 20189 Mar 2018

Conference

Conference13th International Conference on Cyber Warfare and Security, ICCWS 2018
CountryUnited States
CityWashington
Period8/03/189/03/18

    Fingerprint

Keywords

  • Cyber resilience
  • Cyber security
  • Cyber security management
  • Education
  • Higher education institutions

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Chapman, J., Chinnaswamy, A., & Garcia-Perez, A. (2018). The Severity of Cyber Attacks on Education and Research Institutions: A function of their security posture. In J. Q. Chen, & J. S. Hurley (Eds.), The Severity of Cyber Attacks on Education and Research Institutions: Function of their Security Posture: 13th International Conference on Cyber Warfare and Security (Vol. 2018-March, pp. 111-119). Academic Conferences and Publishing International Limited.