Compared to 2020, 2021 shows an increasing threat of major incidents within the education and research sector. That is one of the conclusions of the Cyber Threat Assessment that SURF publishes every year. In addition, major incidents in the chain such as Log4j also pose a new threat to education and research.
New trend
The Education and Research Cyber Threat Assessment 2021-2022 (PDF) contains an overview of the major incidents that occurred in the sector in 2021. This shows that ransomware was the biggest threat. A clear new trend is that after a hack, cyber criminals threaten to publish the stolen data on the dark web if they do not pay the demanded ransom. In some incidents, stolen data was actually published.
Measures
The survey shows the three most important measures that institutions are taking to increase resilience: the introduction of multi-factor authentication, attention to awareness among employees and students, and the adjustment of technical measures. Technical measures include the use of a Security Operations Center (SOC) and Security Information & Event Management (SIEM), the effective application of network segmentation, patch management, and the creation (and regular testing) of offline backups.
Are you already aware of new trends in information security? Take the Cybersecurity mini-course!