Staying resilient in uncertain times
David Batho, director of security at Jisc, shares advice for tertiary and research institutions and their leaders on staying resilient in uncertain times.
Conflict in the Middle East has raised concerns about increased cyber threat levels to UK organisations.
The National Cyber Security Centre (NCSC) has urged UK organisations to take action as hostilities continue. While it notes no significant change in the direct cyber threat from Iran to the UK, it warns this could shift given the rapidly evolving nature of the conflict.
It also highlights a heightened risk for organisations with a presence or supply chains in the Middle East.
As we continue to monitor and act upon emerging threats in line with our mission to strengthen the collective cyber resilience of the UK’s tertiary education and research sector, here are steps organisations can take to strengthen their cyber security.
Be vigilant – and share information
We know that cyber criminals actively target higher and further education institutions. The NCSC’s update is a timely reminder that the cyber landscape is evolving, and our sector must remain alert. Periods of global uncertainty often lead to increased malicious activity, including phishing and misinformation. This conflict reinforces the need for vigilance and proactive action.
At the recent Jisc Security Conference, I spoke about the importance of acting now and working together. That message still holds true. Our most effective defence is our cyber community. By collaborating, sharing intelligence and strengthening resilience across the sector, we can defend as one and protect the future of education and research.
If you come across threats, share what you’re seeing, talk to your peers and reach out to our CSIRT team or your security operations centre (SOC) provider with any concerns.
Ensure cyber security is a priority for boards
Earlier this year, I spoke at the Association of Colleges (AoC) Governance Professionals Conference about the need for cyber security to be seen as a strategic responsibility for boards. That advice is more relevant than ever as uncertainty in the Middle East raises the possibility of higher threat levels.
Even before the conflict, the NCSC’s annual review warned that cyber security is now a matter of business survival and national resilience. A ministerial letter to boards and CEOs across the country has also called on organisations to adopt the government’s Cyber Governance Code of Practice.
Free tools to help boards review their cyber security are available, including resources from the NCSC and our 16 key cyber security questions. The guide covers key considerations, from backups and supply chain risks to incident response and leadership oversight, helping teams move from insight to implementation.
Mitigate the risks of international travel
International travel is a necessity for many institutions that collaborate overseas, but it carries inherent cyber security risks and may be elevated during periods of conflict.
Travellers are often high-value individuals, such as institutional leaders, senior academics and researchers, with access to valuable intellectual property and data.
Before travelling to the Middle East or elsewhere, leaders should consider whether travel is necessary, the risks associated with each destination, potential vulnerabilities and the organisation’s overall cyber security.
Our guidance on cyber-secure travel to high-risk countries should be shared with senior leaders, frequent travellers, research managers and security teams, as well as others responsible for safeguarding people, data and infrastructure. It includes key questions for institutions and a personal checklist for individuals.
Learn about support from Jisc
We are committed to providing institutions with the tools, expertise and support to protect themselves against increasingly sophisticated threats.
Our cyber security community group has grown to 3,000 members, bringing together security professionals from across the sector. It drives collaboration and helps the sector defend as one.
Our security operations centre (SOC) is designed specifically for the sector, offering advanced threat intelligence, detection and rapid incident response, alongside hardening workshops to strengthen resilience.
Members also benefit from Janet, the UK’s most secure, high-capacity network. Our visibility of Janet allows us to detect and contain threats quickly, minimising disruption to learning and research in the event of an incident.
Find out more
About the author