Everything you want to know about cyber but are too afraid to ask

Curious about cyber security but not sure where to start? Explore the answers to the questions you're afraid to ask, with practical tips on staying secure and how Jisc can help.

Cyber security is an ever-evolving challenge, and IT teams are at the forefront of defending against increasingly sophisticated threats. Yet, many of the same fundamental issues - ransomware, phishing, compromised credentials, and poor security hygiene - remain the biggest risks.
If you’ve ever thought, “Are we really doing enough?”, “Where are our weak points?”, or “What’s the latest attack vector we should be worried about?” - this is for you.
Is ransomware still our biggest threat?
Yes. Ransomware remains one of the most disruptive and financially damaging cyber threats to organisations. Attackers have moved beyond simple file encryption - now they exfiltrate data first, using double and even triple extortion tactics.
- Exfiltration before encryption: attackers threaten to leak sensitive data if the ransom isn’t paid
- Supply chain attacks: a single compromised vendor can be the entry point for ransomware across multiple organisations
- Ransomware-as-a-service (RaaS): less skilled attackers can buy ready-made ransomware kits, lowering the barrier to entry
What’s the best defence?
- Network segmentation: prevent lateral movement by isolating critical systems
- Immutable backups: keep offline and air-gapped backups so attackers cannot encrypt them
- Endpoint detection and response (EDR): deploy solutions that can detect ransomware behaviour patterns early
- User access reviews: limit access to critical data, reducing the blast radius of an attack
Phishing attacks are getting harder to spot. What’s the best approach to stop them?
Phishing remains the primary initial access vector for attacks, whether it’s ransomware, business email compromise (BEC), or credential harvesting. AI-powered phishing emails are now highly convincing, with fewer spelling errors and more targeted social engineering tactics.
How to reduce risk?
- DMARC, DKIM, and SPF records: ensure email authentication is configured correctly to prevent spoofing
- User training, but smarter: move beyond generic phishing awareness and implement simulated phishing campaigns tailored to real-world attack patterns
- Browser isolation: consider deploying remote browser isolation (RBI) to execute links in a secure, sandboxed environment
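One way to check the email authentication point above is to audit the published SPF and DMARC TXT records for settings that leave spoofing possible. This is an added example, not Jisc's tooling; the domain names and record strings are constructed, and the function names are hypothetical.

```python
# Added example: audit SPF and DMARC TXT records; all values are constructed.

def audit_spf(record):
    """Findings for one SPF TXT record (None means none is published)."""
    if not record or not record.lower().startswith("v=spf1"):
        return ["SPF: no record published"]
    terms = record.lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy lives in the redirect target; audit that record
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    first = all_terms[0]
    qualifier = first[0] if first[0] in "+-~?" else "+"  # bare 'all' means '+all'
    weak = {
        "+": "SPF: '+all' authorises every sender",
        "?": "SPF: '?all' is neutral, unlisted senders are not rejected",
        "~": "SPF: '~all' is softfail, unlisted senders are usually still accepted",
    }
    return [weak[qualifier]] if qualifier in weak else []

def audit_dmarc(record):
    """Findings for one _dmarc TXT record (None means none is published)."""
    if not record or not record.lower().replace(" ", "").startswith("v=dmarc1"):
        return ["DMARC: no record published"]
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} does not block spoofed mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct}, policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports arrive")
    return findings

SAMPLES = {  # constructed (SPF, DMARC) pairs for hypothetical domains
    "strict.example": ("v=spf1 mx -all", "v=DMARC1; p=reject; rua=mailto:d@strict.example"),
    "monitor.example": ("v=spf1 ip4:192.0.2.10 ~all", "v=DMARC1; p=none; pct=50"),
    "open.example": ("v=spf1 +all", None),
}

def audit_all(samples):
    return {name: audit_spf(s) + audit_dmarc(d) for name, (s, d) in samples.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, findings or "OK")
```

In practice the record strings would come from TXT lookups on the domain and on `_dmarc.` plus the domain; DKIM is not covered here because its selector names cannot be discovered from DNS alone.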
How serious is business email compromise?
BEC attacks are increasingly sophisticated and harder to detect, with attackers using compromised accounts, deepfake voice tech, and social engineering to bypass traditional security measures. The biggest financial losses often come from:
- Invoice fraud: attackers hijack or spoof supplier emails to divert payments
- Executive impersonation: fraudulent emails appearing to come from senior leadership
- Payroll diversion: HR or finance teams tricked into changing bank details for salary payments
How do we mitigate this?
- Strict financial controls: implement out-of-band verification for financial transactions
- Conditional access policies: restrict logins based on device, location, and risk level
- Threat intelligence feeds: integrate real-time threat intel into email security solutions
We know password security is an issue, but how do we enforce it properly?
Compromised credentials remain a top attack vector, with access brokers selling login details on dark web marketplaces. Even with multifactor authentication (MFA), attackers use MFA fatigue attacks, SIM swapping, and session hijacking to bypass security.
Stronger authentication strategies:
- Phishing-resistant MFA: move beyond SMS and authenticator apps; deploy hardware security keys (e.g. YubiKeys)
- Passkeys and passwordless authentication: adopt FIDO2/WebAuthn to reduce reliance on passwords
- Credential monitoring: regularly check for compromised credentials using tools like Have I Been Pwned or enterprise dark web monitoring services
- Staying safe online: encourage a culture of online safety by promoting best practices for recognising phishing attempts, managing privacy settings, and avoiding oversharing. Refer to our staying safe online guidance for practical advice and training resources for both staff and students.
Are we really monitoring our systems effectively?
One of the biggest gaps in cyber defence is lack of visibility. Many organisations lack proper logging, monitoring, and incident response capabilities, meaning they only discover breaches weeks or months after they happen.
How to improve detection and response:
- XDR: invest in and deploy an extended detection and response (XDR) solution to monitor your endpoints.
- SIEM: utilise a security information and event management platform for security log retention, event correlation and alerting.
- 24/7 threat monitoring and response: utilise a security operations centre (SOC) for continuous monitoring, response and threat mitigation.
- Regular penetration testing: don’t just scan for vulnerabilities, simulate real-world attacks to test response capabilities.
Are we patching fast enough to stay secure?
Unpatched vulnerabilities remain a huge entry point for attackers, particularly zero-days and exploited-in-the-wild vulnerabilities. The challenge isn’t just patching - it’s ensuring critical patches are applied before attackers can weaponise them.
Key patching strategies:
- Prioritise based on exploitability: use sources like CISA’s Known Exploited Vulnerabilities Catalog to identify urgent patches
- Automate where possible: deploy automated patch management for operating systems, applications, and firmware
- Monitor shadow IT: ensure all devices (including BYOD) are patched, not just corporate assets
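To illustrate prioritising on exploitability rather than severity score alone, the added example below (not Jisc's or CISA's code) ranks a scanner backlog against a KEV-style feed. The field names follow CISA's KEV JSON feed; every CVE ID, asset name, score and date is a constructed placeholder, and `prioritise` is a hypothetical helper.

```python
# Added example: rank a patch backlog against a KEV-style feed.
# Field names follow CISA's KEV JSON feed; every CVE ID, asset name and
# date below is a constructed placeholder, not a real catalogue entry.
from datetime import date

KEV_FEED = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dueDate": "2025-01-10",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "dueDate": "2025-02-01",
     "knownRansomwareCampaignUse": "Unknown"},
]}

BACKLOG = [  # (asset, CVE, CVSS base score), as a scanner might export it
    ("hr-db-01", "CVE-0000-0003", 9.8),
    ("vpn-gw-01", "CVE-0000-0002", 7.5),
    ("file-srv-02", "CVE-0000-0001", 6.5),
    ("byod-laptop-17", "CVE-0000-0004", 5.3),
]

def prioritise(backlog, kev_feed, today):
    """Order findings: KEV with ransomware use, then other KEV, then the rest."""
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    ranked = []
    for asset, cve, cvss in backlog:
        entry = kev.get(cve)
        if entry:
            # dueDate is CISA's deadline for US federal agencies; it is used
            # here only as an urgency signal for ordering.
            due = date.fromisoformat(entry["dueDate"])
            tier = 0 if entry["knownRansomwareCampaignUse"] == "Known" else 1
        else:
            due, tier = None, 2
        ranked.append({"asset": asset, "cve": cve, "cvss": cvss, "tier": tier,
                       "in_kev": entry is not None,
                       "overdue": due is not None and due < today,
                       "due": due or date.max})
    # Exploitation evidence first, then earliest deadline, then CVSS.
    ranked.sort(key=lambda r: (r["tier"], r["due"], -r["cvss"]))
    return ranked

if __name__ == "__main__":
    for row in prioritise(BACKLOG, KEV_FEED, date(2025, 1, 20)):
        print(row["tier"], row["asset"], row["cve"], row["cvss"], row["overdue"])
```

With this sample data the 6.5-scored finding that is in the feed with known ransomware use ranks above the 9.8 that is not, which is the ordering the bullet on exploitability argues for.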
What cyber security support does Jisc offer?
Jisc provides a comprehensive suite of cyber security services designed to support education, research, and local authorities, including:
- 24/7 monitoring and response: through our security operations centre, organisations receive real-time threat detection and incident response.
- Cyber security threat monitoring: implement continuous monitoring tools that provide real-time alerts and insights into potential threats across networks, systems, and endpoints.
- Penetration testing and vulnerability assessments: identify and fix security weaknesses before attackers do.
- Cyber security consultancy: expert guidance on improving security posture, implementing best practices, and meeting compliance requirements.
- Training and awareness programmes: helping IT teams stay up to date with emerging threats and defensive strategies.
Final thoughts
Cyber threats are evolving, and IT teams need to stay ahead of attackers, not just react to them. By enforcing robust access controls, improving visibility, and ensuring continuous monitoring, organisations can reduce the risk of falling victim to modern cyber threats.
Our cyber security community group allows you to stay up to date with current challenges and receive cyber threat intelligence and expert advice. This channel also offers a chance to ask questions and talk freely with our cyber security team and similar institutions.
If you are a Jisc member and you’d like further details, please contact your relationship manager. Otherwise make a customer enquiry here, or email us at customer.support@jisc.ac.uk.
