There’s never a ‘good’ time to suffer a cyber attack, but there are certainly a few dates in the year when the financial and reputational effects of a website or email failure will be more damaging than others.
One of those key periods is approaching right now for the higher and further education sector: clearing and enrolment.
Institutions need to ensure all internet-facing systems such as websites, virtual private networks (VPN) and SIP systems are running smoothly and uninterrupted, not forgetting the underlying Domain Name System (DNS) infrastructure that supports them.
In fact, criminals are showing an awareness of key dates in the academic calendar and Jisc have seen a higher-than-usual number of attacks launched during these periods to cause maximum disruption.
Distributed denial of service (DDoS) attacks are a form of cyber attack, whereby cyber criminals commit malicious acts by attempting to disrupt computer and internet resources, flooding the network with data. These attacks have increased in scale and sophistication over recent years and continue to cause significant disruption and financial repercussions.
Since the start of 2023, Jisc has seen some of the biggest attacks on the education and research sector in recent years, with 13 large-scale attacks so far in 2023. To put this into context, there were a total of 27 large-scale attacks in the preceding six years.
We’ve also seen a significant spike in DNS flood attacks against authoritative DNS servers, with 203 such attacks detected in the last six months. A DNS flood is a type of DDoS attack whereby an attacker sends a large number of rapid DNS requests to deliberately disrupt name resolution for that domain. If an institution’s primary DNS infrastructure goes down, then this could affect access to websites or email systems, and that’s the last thing anyone wants, especially during clearing and enrolment.
For many, clearing and enrolment in 2023 will be as challenging as it was last year with the need for reliable ways of protecting key services such as web, VPN, SIP or DNS. To help, Janet-connected institutions can take advantage of the DNS services available with the Jisc subscription and by joining our defend as one campaign, part of Jisc’s cyber security ecosystem.
Also included with your subscription is our foundation DDoS mitigation service, which protects institutions from DDoS attacks during business hours.
Institutions looking for that ‘extra’ bit of DDoS security and peace of mind, with 24/7/365 protection through clearing and enrolment, can also benefit from our popular four-month critical services protection package.
Without long-term commitment, this package is designed to maintain the availability of key systems when it matters most, such as during clearing and enrolment, or at any other time you choose, to help maintain business continuity.
This four-month package is being offered as part of our critical services protection service to protect a range of business-critical services including web, SIP, VPN, DNS, VLEs and firewalls. For institutions looking for greater flexibility and discounted longer-term protection, we also offer flexible annual or discounted multi-year options.
We recognise that protecting your Janet Network connection from DDoS attacks 24/7/365 is also a priority. With many of us now working more flexibly and needing access to networks outside of normal working hours, we’ve developed foundation plus to ensure you are always protected. This is an optional enhancement to the foundation DDoS mitigation service, providing automated out-of-hours protection against Jisc detected volumetric DDoS attacks 24/7/365.
To find out more email securityservices@jisc.ac.uk or speak to your relationship manager.
As part of our ‘defend as one’ campaign, take the next step in improving your organisation’s cyber security posture | Jisc.