Cyber Threat Assessment Education and Research 2021-2022: Dutch education and research sector scales up in response to increased cyber threats
In the event of major incidents, cooperation in the field of information security and privacy has increased within the sector. In order to exchange information quickly and share experiences, both universities and universities of applied sciences have monthly CISO consultations. SURF, and in particular SURFcert, is taking on an increasingly coordinating role in the event of major incidents. At the national level, there has been collaboration on incident response since 2020 within the National Disaster Response System (LDS), a partnership between the National Cyber Security Centre (NCSC) and sectoral organisations. This collaboration has been further intensified over the past year.
As in 2020, threats to the education process, the research process and business operations in general are rated higher than in the previous year. The survey shows that the perceived risk in the categories Acquisition and disclosure of data and Dependence on cloud services has increased considerably compared to 2020, and that Disruption of ICT facilities continues to be rated as very high. Respondents also mention the lack of capacity within the institution as a major vulnerability.
New trend: threatening to publish stolen data on the dark web
The Education and Research Cyber Threat Assessment 2021-2022 (PDF, in Dutch) contains an overview of the major incidents that occurred in the sector in 2021. It shows that ransomware posed the greatest threat. A clearly new trend is that after a hack, cybercriminals threaten to publish the captured data on the dark web if the demanded ransom is not paid. In a number of incidents, stolen data was actually published.
Charting the dependency chain: who is responsible for what
The Log4j vulnerability in December 2021 illustrates how the dependence on software suppliers, service providers and other third parties can lead to problems. To be better able to withstand incidents of this nature, it is necessary to map out these dependencies and make sound agreements with suppliers about who is responsible for what in the chain. Knowledge sharing and information exchange within the sector are crucial for this.
The survey shows the three most important measures taken by institutions to increase their resilience: introducing multi-factor authentication, paying attention to awareness among staff and students, and implementing technical measures. Technical measures include the use of a Security Operations Centre (SOC) and Security Information & Event Management (SIEM), the effective application of network segmentation, patch management and the creation (and regular testing) of offline backups.
The number of major incidents in 2021 has led to extra political attention to cyber security. For example, questions were asked in Parliament about a number of incidents and about the state of information security within the sector. Agreements have been made within the umbrella organisations to allow the sector to grow to a higher maturity level in the field of information security.
About the Cyber Threat Assessment
The Cyber Threat Assessment 2021-2022 is based on a survey of 70 Dutch educational institutions (secondary vocational, higher vocational and university) and research institutes. Public sources have also been used to identify trends in cyber threats. SURF has published the Cyber Threat Assessment annually since 2014.