The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here: https://www.microsoft.com/en-us/microsoft-365/windows/end-of-ie-support).

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

Dramatic increase in cyber attacks against universities

By jan [dot] olsson [at] biol [dot] lu [dot] se (Jan Olsson) - published 7 October 2021
A person working on a computer in a dark room. Photo.
Cyber attacks against universities have skyrocketed during the pandemic. The blackmailers often succeed. Photo: Shutterstock

Cyberattacks against the University have sharply increased over the past two years. They mainly take the form of email attacks, known as phishing, which aim to penetrate and take over entire IT environments. The attacks often succeed.

Lund University is no different from the crowd. Cyberattacks against higher education institutions and other public authorities, as well as against companies, have shot up in recent years – in certain areas by several hundred per cent. The trend is the same internationally. 

Criminals have used the pandemic to reach as many people as possible and increase their chances. They know that many people want to read the latest news about Covid-19. What not everyone knows is that emails that appear to carry ordinary information could contain a link enabling cybercriminal blackmailers to enter the University’s IT systems.

Hackers often succeed

“One person clicking the link is enough for the hackers to get in. Then it might take a couple of weeks or months for them to take over 80-90 per cent of the IT environment and shut it down. It’s as simple as that”.

The person speaking is Ingegerd Wirehed, Chief Information Security Officer (CISO) at Lund University. Together with Heiko Herwald, chair of the Faculty of Medicine’s information security council and the faculty’s deputy dean, she created a scenario in autumn 2020 in which around 1000 researchers and other staff lost access to IT networks, email, sensitive patient data and other critical information for one to two months. Through interviews, they tried to find out what such an attack would entail, for research and education on the one hand, and financially on the other. They stopped counting once they reached half a billion Swedish crowns.

“It’s been a long time since hacking was a question of shutting down a computer and then sending an email offering to unlock it for SEK 5000. Today, the attacks are a lot more professional and completely automated; one click on a link can set off a technical agent that searches an entire IT environment and shuts it down. Once that is done, the blackmailers enter the picture”, says Ingegerd Wirehed.

A woman and a man walking in a park. Photo.
Ingegerd Wirehed, CISO at Lund University, and Heiko Herwald, chair of the Faculty of Medicine’s information security council and the faculty’s deputy dean. Photo: Jan Olsson

One example is the University of Maastricht in the Netherlands. There, the management has been open about having to pay the equivalent of SEK 1.9 million to obtain an encryption key after hackers shut down large parts of the university’s IT environment. Not paying would have cost significantly more in terms of both time and money, according to the university’s analysis. And the damage would have been much greater.

“A Swedish university cannot pay ransom money like that. Using tax revenue to pay blackmailers is simply not allowed”, says Heiko Herwald.

An attractive target

The Faculty of Medicine manages large amounts of sensitive information, including personal data on patients. This makes the faculty an attractive target for hackers. According to Heiko Herwald, phishing attacks are taking place virtually all the time. One way of keeping the University’s guard up is to inform and train all employees. 

“You can get an organisation to train and practise through operations such as the University’s security officers sending out their own phishing emails and then discussing the issue with the employees who open them. That is one way of working proactively”, says Heiko Herwald.

That staff make back-up copies and work with the latest updates are obvious measures, according to both Herwald and Wirehed. And having functioning fire-extinguishers in place in the form of crisis management and recovery plans is as important as new networks incorporating the latest security technology. New technology quickly becomes obsolete and the University runs a high risk of always being a step behind the inventive hackers. 

“They can take a completely different path to the one we predict and, in that case, technical IT security doesn’t always help. We must primarily educate everyone and increase awareness. It is not a question of if it will happen but when, and then our crisis management must work”, says Heiko Herwald.

The openness is a dilemma

Vulnerability, threats and the likelihood of attack: all these factors have increased in recent years. From a security perspective, it is a dilemma that the University is a creative and open workplace. Nor does its status as a public authority, with everything that entails in terms of people’s right to access documents received and produced by the University, make security work easier.

“The University is characterised by academic freedom and a high degree of delegation. At the same time, the University has a single corporate identity number, a common IT network, shared IT systems and shared buildings and many other common resources. This makes the issue contradictory and sensitive for the University management”, says Ingegerd Wirehed.

When asked whether Lund University has good protection against hackers, she answers neither yes nor no.

“There is no definition of ‘good protection against hackers’. What is crucial is how big a risk the organisation wants to take and the expertise it has. There is a reason why the top management hired me.” 
 

 

Best protection against cyber attacks

How employees can protect themselves and LU against cyberattacks 

  • Don’t click on links or open attachments in emails before critically reviewing the message. 
  • Monitor your accounts and authorisations. Use strong passwords, never re-use passwords and don’t share account details with anyone. 
  • Run frequent security updates on your systems.
  • Ensure that you back up local information and that security copies can be used to retrieve lost data.
  • Contact the LU Service Desk if you have any questions or suspect that you have been subjected to phishing. 
  • On Kompetensportalen you can find the LUISA course on security awareness. Spend 10 minutes on it.

Source: Ingegerd Wirehed and Heiko Herwald
 

Tidningsomslag.

About LUM

The first edition of Lund University Magazine – LUM – was published 1968. Today, the magazine reaches all employees and also people outside the university. The magazine is published six times per year. Editor Jan Olsson.

LUM website in Swedish

Latest news

Link to rss
All news

Editorial staff

Jan Olsson


046-222 94 79

jan [dot] olsson [at] kommunikation [dot] lu [dot] se

 

Minna Wallén-Widung

046-222 82 01


minna [dot] wallen-widung [at] kommunikation [dot] lu [dot] se

7 Oct 2021