Comment: UCL ransomware attack
June 2017 by Jason Allaway, VP of UK & Ireland, RES
Following the news today that University College London (UCL) has suffered a major ransomware attack, Jason Allaway, VP of UK & Ireland, RES, comments:
While ransomware is infamous for its attacks on the finance and healthcare sectors, education is also one of the most targeted industries. This is because universities and schools hold the key to hugely sensitive data that they need to recover at all costs, but often don’t consider themselves a target in the way other sectors do. Criminals exploit this, knowing they are facing an organisation that may not be as security-savvy as they need to be.
It is believed that UCL’s network was compromised by a phishing email and all other universities should take UCL’s unfortunate as a lesson and build their defences now, if they aren’t already.
The first step is education, and not just for the students. Everyone involved in a university needs to be prepared, as after all, lecturers and other staff members are just as weak a link in the security chain if they don’t know what to look for. Organisations should provide informative materials and classes on the techniques of hackers, such as phishing emails, how to spot these and how to counter-act them. Coupled with this is technology, as there are a number of strategies that should be adopted. These include permission-based access, application whitelisting and blacklisting, not allowing files to execute or download and automating the onboarding and offboarding of students and staff so no security holes remain unplugged.
Ultimately, there are two types of organisation, those that have been attacked and those that will be - and this as true for education as it is every other sector.