
Beware the 5th of July – the worst day of the year for a cyber attack

by Clare Stonebridge

How can universities and colleges keep services running smoothly during critical periods like clearing and enrolment?


A cyber incident can be disastrous at any time, but there are some days in the year when a website or email failure will be much more damaging than others. One of those key periods for higher and further education is fast approaching now.

Because this year, clearing starts on 5th July.

For students, clearing is a time of anticipation, excitement and celebration.

For universities and colleges, it’s a stressful time when IT systems need to work without a hitch.

And for cyber criminals, it’s an open invitation.

So what can universities and colleges do to prepare their cyber security defences and reduce the risks they will inevitably face when clearing begins?

Start now

Every year at around this time, thousands of prospective students apply - either online or by phone - to multiple institutions, making this the busiest day of the year for their IT and communications infrastructures.

And cyber criminals know that.

Disparate departments, external people logging into networks from personal devices at all times of the day and night, an expanded attack surface - all combine to make institutions particularly vulnerable. Threat actors see them as lucrative targets because, especially during this period, they hold a wealth of valuable data in the form of personal information.

Anxious applicants are easy prey, likely to fall for a phishing email. Institutions’ infrastructures are dealing with high levels of external communications, making it easier to break into the network and steal a treasure trove of information. And a ransomware attack at this vital juncture will be especially damaging and therefore potentially more effective.

Although some recent high-profile incidents have prompted universities and colleges to harden their defences, now is not the time to get complacent.

By starting now, institutions can ensure that all their external internet-facing systems such as websites, virtual private networks (VPNs) and comms systems run smoothly and without interruption throughout this high-risk period.

Guard against DDoS attacks

The underlying domain name system (DNS) infrastructure that supports all these functions is critical for business continuity.

So everyone needs to be extra vigilant during clearing, and again when the new term begins - especially when it comes to opening messages and clicking on links. Phishing emails account for 90% of initial compromises globally, and all it takes for a breach to happen is for one person to unwittingly click on a malicious link in a phishing email.

This can trigger a distributed denial of service (DDoS) attack whereby cyber criminals attempt to disrupt the institution’s computer and internet resources by flooding the network with data. These attacks have increased in scale and sophistication over recent years and continue to cause significant disruption and financial repercussions.

At Jisc we’ve seen a significant spike in DNS flood attacks, a type of DDoS attack whereby a threat actor sends a large number of rapid requests to deliberately disrupt name resolution for that domain. If an institution’s primary DNS infrastructure goes down, it can prevent access to websites or email systems - and that’s the last thing anyone wants, especially during clearing and enrolment.
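One way to spot the request pattern described above in DNS query logs, as an added example that is not Jisc's own tooling: it buckets queries for a zone into fixed windows and flags any window far above the median. The log format, function names, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def parse(line):
    """Parse a constructed 'epoch client qname qtype' log line (assumed format)."""
    ts, client, qname, qtype = line.split()
    return int(ts), client, qname.rstrip(".").lower(), qtype

def find_flood_windows(lines, zone, window=10, factor=5, floor=100):
    """Return [(window_start, queries, distinct_clients)] for windows whose
    query count for `zone` exceeds both `floor` and factor x the median window."""
    zone = zone.rstrip(".").lower()
    counts = defaultdict(int)
    clients = defaultdict(set)
    for line in lines:
        try:
            ts, client, qname, _ = parse(line)
        except ValueError:
            continue  # skip malformed lines rather than abort the scan
        if qname == zone or qname.endswith("." + zone):
            bucket = ts - ts % window
            counts[bucket] += 1
            clients[bucket].add(client)
    if not counts:
        return []
    baseline = median(counts.values())
    threshold = max(floor, factor * baseline)
    return [(b, counts[b], len(clients[b]))
            for b in sorted(counts) if counts[b] > threshold]

def sample_log():
    """Constructed data: 2 queries/s for 60 s plus a 10 s burst of 200 queries/s."""
    lines = []
    for t in range(1000, 1060):
        lines.append(f"{t} 192.0.2.10 www.example.org. A")
        lines.append(f"{t} 192.0.2.11 mail.example.org. MX")
        if 1030 <= t < 1040:
            for i in range(200):
                lines.append(f"{t} 198.51.100.{i} r{i}.example.org. A")
    lines.append("garbage line")  # malformed entry, ignored by the parser
    return lines

if __name__ == "__main__":
    for start, n, srcs in find_flood_windows(sample_log(), "example.org"):
        print(f"window {start}: {n} queries from {srcs} clients")
```

The distinct-client count helps separate a distributed flood from a single misbehaving resolver, which call for different responses.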

The foundation DDoS mitigation service included in Jisc membership protects systems against DDoS attacks on the Janet connection, helping to maintain connectivity to the online world.

Also included in membership is access to Jisc’s full incident response capability, with dedicated CSIRT experts who have gained certification to NCSC Cyber Incident Response (CIR) Level 2 and can provide advice and guidance in the event of an attack.

Ensure 24/7/365 cyber protection – even if it’s just at critical times

We offer the option to upgrade to Foundation Plus, which provides 24/7 automated protection against Jisc-detected volumetric DDoS attacks, and critical services protection, which provides an additional layer of automated protection 24/7/365 to safeguard business-critical services such as web, DNS and VPN.

Alternatively, a four-month critical services protection package, specifically designed to maintain the availability of key systems throughout clearing and enrolment, gives extra DDoS security and peace of mind when it matters most.

Flexible annual or discounted multi-year options are also available.

Get the basics right

As well as taking advantage of the cyber security services that Jisc offers as part of membership, there are basic steps any institution can take to strengthen their cyber security posture between now and July 5th.

Make sure there’s a patching process. Switch on multi-factor authentication, insist on a strong password policy and restrict admin access. Segment business-critical systems and backup servers so that, if an attacker cracks into the system, they cannot move laterally through it and damage can be contained.

Regular rehearsals, exercises and tests are key to an institution’s ability to respond to cyber security threats and incidents. Make sure everyone in your organisation knows what to do in the event of a serious security incident. Regularly rehearse scenarios with a view to continual improvement, remembering to reflect changes in the threat landscape and technology.

And keep updated by joining the Jisc cyber community group. With more than 2,000 members, it’s a forum for sharing knowledge, best practice and threat intelligence for the benefit of the whole education and research sector.

Find out more

Explore the latest cyber security technologies, innovations and future insights from both a national and international perspective at Jisc’s Security Conference 2024, 26-27 November, ICC Wales, and 28 November online.

About the author

Clare Stonebridge
Network security services manager, Jisc