Shared threat intelligence is a game-changer for UK education and research

David Batho

“Together we are stronger” should be everyone’s cyber security mantra.

Woman looking at a laptop and a mobile phone screen

As the cyber threat landscape continues to evolve, new ways to combat it are emerging too.

Despite proliferating threats, we are definitely seeing a tide of change in that they are being detected earlier, making mitigation and containment easier.

And that’s not just down to new technologies: it’s largely due to the increase in shared threat intelligence that we’re seeing across the sector and beyond.

We’re all in this together

To help create a resilient sector, we should all be developing and nurturing partnerships that will lead to mutually beneficial improvements. Working with partners who understand the specific challenges of the sector and the complexity of its institutions is key to ensuring the best outcomes.

We all need to do more sharing – of intelligence, of lessons learned, of best practice. That’s how threat intelligence works: the more we have, the better for everyone.

We share intelligence with key agencies such as the National Cyber Security Centre (NCSC) as well as commercial providers, so there is a huge amount of sector expertise available to institutions. The report by Jisc, Universities UK (UUK) and the NCSC, new guidance for the higher education sector, is a great example of collaboration across the sector.

Actionable threat intelligence is at the heart of what Jisc does. By constantly gathering the latest threat intelligence from multiple partners and sharing it with the wider community, we ensure that all member institutions benefit from the most up-to-date cyber protection.

Together, we can ensure that everyone has the knowledge, skills and training to navigate technology securely and effectively, fostering a digitally empowered community.

Join the cyber community

Increasingly, cyber communities are providing a valuable support network as well as a forum for peer exchange of knowledge and proactive horizon scanning. In fact, a 2023 government survey of security breaches in education institutions noted that “higher education institutions in particular highlighted a culture of sharing information and learning with each other, with networks like the Jisc cyber security community group facilitating this sort of support and guidance.”

With more than 2,000 members and growing, our cyber security community group is a great place to start.

Prevention is better than cure

The education and research sector is rife with opportunities for hackers. Ransomware by organised gangs is still the number one threat, and phishing emails account for 90% of initial compromises globally. But threat actors are constantly changing their techniques - using malicious QR codes, for example.

We are seeing a rise in compromised credentials, with access for sale on the dark web. Cloud is not secure by default (security misconfigurations are a big issue) and multi-factor authentication – although heavily deployed across the sector – can be bypassed. And, of course, AI is starting to present new ways for threat actors to access information.

What’s needed is defence in depth, with multiple layers of control for threat detection, prevention and remediation.

Jisc provides core cyber services free with membership

As part of their membership, Jisc customers can take advantage of containment mechanisms in place on the Janet Network.

The Janet Network resolver service includes a protective element that blocks access to known malicious domains before compromises happen and contains onward transmission within an infrastructure, as well as a resolver service that uses threat intelligence to adapt to emerging threats. Specifically tailored for the education and research sector, it protects 337 subscriber organisations, including around 3 million internet users. Once implemented, it delivers immediate security benefits.

Jisc’s cyber security threat monitoring service can improve security posture by gathering information into a single dashboard and highlighting the most significant so that resources can be prioritised. By correlating events that would otherwise go unnoticed, the service highlights risks from multiple sources.

And, running quietly in the background but absolutely crucial, is a DDoS service that detected 983 inbound attacks on member organisations in 2023.

Also included in membership is access to Jisc’s full incident response capability, with dedicated CSIRT experts who have gained certification to NCSC Cyber Incident Response (CIR) Level 2 and can provide advice and guidance.

Defend as one

Data from all these services is fed back, analysed and shared with the wider community, along with intelligence from an expanding roster of partners.

And it’s precisely this growth in shared threat intelligence that is changing and strengthening the sector’s defences against cyber attacks, enabling us to defend as one.

Together, we really are stronger

Take advantage of the key cyber security services included with your Janet connection:

About the author

David Batho
Director of security, Jisc