By Clare Stonebridge, Network Security Services Manager, Jisc, 12 July 2021
There’s never a ‘good’ time to suffer a cyber attack, but there are certainly a few dates in the year when the financial and reputational effects of a website or email failure will be more damaging than others.
One of those key periods is approaching right now for the further and higher education sector: clearing and enrolment. During this time, institutions need to ensure all internet-facing systems such as websites, virtual private networks (VPN), SIP/telephone and email systems are running smoothly and uninterrupted.
In the four months from the start of July to the end of October 2020, our security operations centre (SOC) noticed 169 DDoS attacks against the further and higher education sector, which represents about half of all such attacks on the Janet Network in this period. These attacks are designed to bring down a network by flooding it with data.
Now almost 16 months on since the start of the COVID-19 pandemic, with many of us now working more flexibly, protection of key services such as VPNs – which protect data by encrypting it before it travels over the internet – are more important than ever, especially with the increase in cyber attacks.
Following the recent increase in ransomware attacks the National Cyber Security Centre (NCSC) has issued an alert highlighting advice and measures that can be taken to protect education from these attacks.
It’s a sad fact that cyber criminals always find ways to take advantage of global disasters and during the COVID-19 pandemic is no different. We are all aware of the recent data breaches affecting education and the NCSC has encouraged the public to flag such scams.
But none of this recent nefarious activity is unusual in cyber space. Indeed, our security operations centre (SOC), which monitors and protects the Janet Network, reports that it’s business as usual; the threats remain the same, it’s the methods and targets that tend to adapt to new situations.
Colleges and universities that have robust cyber security measures in place should be as safe as they can be at any time of year, including during clearing and enrolment, but everyone can benefit from a bit more security protection.
For many, clearing and enrolment in 2021 will be as challenging as it was last year with the need for reliable ways of protecting key services such as web, VPN or SIP. Universities and colleges looking for that ‘extra’ bit of DDoS security and/or peace of mind through clearing and enrolment this year can again benefit from our popular 4 month critical services protection package which we offered for the first time last year. Without long-term commitment, this package can be used to maintain the availability of systems when it matters most, such as during clearing and enrolment, or at any other time you choose.
This 4 month DDoS protection package is being offered as part of our existing critical services protection service to protect a range of business-critical services including web, SIP, VPN, DNS, VLEs and firewalls.
We recognise that protecting your network from DDoS attacks 24/7/365 is also a priority. With many of us now working more flexibly and needing access to networks outside of normal working hours, we’ve developed a new DDoS mitigation option Foundation Plus to ensure you are always protected. This is an optional enhancement to the Foundation DDoS mitigation service, providing automated out-of-hours protection against Jisc detected volumetric DDoS attacks 24/7/365.