Universities and colleges are being warned by the UK’s cyber-security agency that rising numbers of cyber-attacks are threatening to disrupt the start of term.
The National Cyber Security Centre has issued an alert after a recent spike in attacks on educational institutions.
These have been “ransomware” incidents which block access to computer systems.
Paul Chichester, the NCSC’s director of operations, says such attacks are “reprehensible”.
The return to school, college and university, already facing problems with Covid-19, now faces an increased risk from cyber-attacks, which the security agency says could “de-rail their preparations for the new term”.
The cyber-security body, part of the GCHQ intelligence agency, says such attacks can have a “devastating impact” and take weeks or months to put right.
Newcastle University and Northumbria have both been targeted by cyber-attacks this month, and a group of further education colleges in Yorkshire and a higher education college in Lancashire faced attacks last month.
The warning from the NCSC follows a spate of ransomware attacks against academic institutions - in which malicious software or “malware” is used to lock out users from their own computer systems, paralysing online services, websites and phone networks.
The security agency says this is often followed by a ransom note demanding payment for the recovery of this frozen or stolen data - sometimes with the added threat of publicly releasing sensitive information.
Universities have frequently been targets of cyber-attacks - with up to a thousand attacks per year in the UK.
Attacks can be attempts to obtain valuable research information that is commercially and politically sensitive. Universities also hold much personal data about students, staff and, in some cases, former students who might have made donations.
Earlier this summer more than 20 universities and charities in the UK, US and Canada were caught up in a ransomware cyber-attack involving a cloud computing supplier, Blackbaud.
The warning from the NCSC highlights the vulnerability of online systems for remote working, as increased numbers of staff are working from home.
“Phishing” attacks, where people are tricked into clicking on a malicious link such as in an email, also remains a common pathway for such ransomware attempts, says the advice.
Mr Chichester of the NCSC says: “The criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible.”
“I would strongly urge all academic institutions to take heed of our alert.”
The intervention was backed by Jisc, the body which provides internet services for UK universities and research centres.
Steve Kennett of Jisc says that after the wave of cyber-attacks on the “education and research community”, institutions need to take action to reduce their risks.
Universities UK says data security has had to become a priority for higher education - and that “protections are in place to manage threats as much as possible”.
The universities body also says it is working with the NCSC to produce “robust guidance on cyber-security” which will be released later this academic year.