Can Universities ever be completely safe from cyber attack?
No. Universities such as Sussex are continually under some form of cyber-attack. Trends over the past 30 years shows three main reasons why such attacks can be expected only to continue:
- First, the number of cyber-attacks continues to increase, as done the technical sophistication and capability of such attacks. (For example, new and unknown attacks (often called ‘zero-day’ attacks) are constantly being created by attackers);
- Second, attackers are better organised and funded, be they criminals whose principal motivation is to steal money (directly or indirectly), or nation states and their proxies who seek to access research, intellectual property or other assets using advanced persistent threat tactics;
- Third, as technology develops and society adapts to it, so attackers have many more targets they can try to ‘hack’. Such developments greatly increase the ‘attack surface’ that the University has to defend. (For example the growth in the number of devices people own, new ways of working accelerated by Covid eg on home networks, IoT devices, etc.)