British university admin folk are alarmingly easy to phish, according to an academic support body which claims a 100 per cent success rate "within two hours".
Jisc, the artists formerly known as the Joint Information Systems Committee, claimed to have a "100 per cent track record" of securing illicit access to "high value data".
In a short report (PDF, 6 pages) published today and titled "How safe is your data? Cyber-security in higher education", Jisc's security operations centre chief, Dr John Chapman, reckoned that his people succeeded every single time they spearphished a higher education institution.
He wrote: "Alarmingly, when using spear phishing as part of its penetration testing service, Jisc has a 100 per cent track record of gaining access to a higher education institution's high value data within two hours."
The sample size was 50 universities, with some having been pen-tested multiple times.
The finding came after a Jisc survey of university IT departments in 2018 suggested that education sector techies, on the whole, reckon their institutions aren't all that well-defended. Some of the reasons given for that were "a lack of dedicated staff and budgets and a lack of policies, suggesting senior leaders are not taking the issue seriously enough," according to Jisc.
"Jisc's own chief executive and Finance Department have been targeted in this way" by criminals, the body's report stated, adding that it had detected "more than 1,000 DDoS attacks" during calendar 2018 against various higher education bodies.
"Analysing the timings of these attacks has led Jisc to surmise that many of them are 'insider' attacks launched by disgruntled students or staff," it concluded. ®