Cyber Threat Assessment Education and Research 2020-2021

Maastricht University incident and corona

The ransomware incident at Maastricht University at the end of 2019 and the covid-19 pandemic have largely set the agenda for 2020. Due to covid-19, institutions had to switch to online education and working from home from one moment to the next. Both incidents caused many institutions to make additional efforts in the area of cybersecurity.

Number of incidents increased

Compared to 2019, the survey shows no major shifts in the types of threats observed. Acquisition and disclosure of data, identity fraud and Disruption of IT facilities are still the most common threats. The Acquisition and misuse of IT resources has increased in 2020. However, the number of incidents has increased again in 2020. The number of phishing attacks in particular has risen sharply. Ransomware attacks have not shown a strong increase in the Netherlands. The increase in the threat from state actors also requires more attention to be paid to knowledge security.

Additional investments in resilience

The survey shows that, in response to the incident at Maastricht University, many institutions have made additional investments in measures to increase their resilience. The education and research institutions again scored their own cyber resilience higher than in the previous year. The average score is 6.5, whereas in 2019 it was 6.3.

New tooling makes institutions more dependent on cloud providers

With regard to phishing incidents, it is noticeable that cybercriminals are becoming more and more engrossed in the organisations they want to attack. They purposefully approach specific officials within the organisation. To facilitate distance education and working from home, institutions are making use of new tooling, including video conferencing tools and tools for online proctoring. This often makes institutions even more dependent on a limited number of large cloud providers, which can disrupt continuity in the event of a disaster.

More cyber security collaboration in education and research

In the 2019 Cyber Threat Assessment, we called for more collaboration in order to better face threats. In 2020, we have indeed increased collaboration both within and outside the education and research sector. The scarcity of cyber security expertise and the expected decline in funding following the covid-19 pandemic also reinforces the need for collaboration.

Conclusions

The report concludes that at first glance it does not differ much from the 2019 report. However, further analysis of incidents reveals new developments. There are other actors and increased complexity of attacks. Furthermore, investing in training and awareness is becoming increasingly crucial, so that users also become more resilient to the latest threats. Finally, greater dependence on a small number of large cloud providers from outside the EEA makes education and research vulnerable.

• View the entire infographic with the key facts from the Cyber Threat Assessment 2020-2021 (PDF, in Dutch)
• Read the full Cyber Threat Assessment 2020-2021 (PDF, in Dutch)

About the Cyber Threat Assessment

The Cyber Threat Assessment 2020-2021 is the seventh threat assessment concerning education and research. This report is based on a survey of employees of educational and research institutions and on public sources. In the survey, we asked what risk factors SURF's target group considered the most important, what incidents had occurred and what level of resilience the institutions had.