Cyber attacks on college computer systems are increasing both in frequency and scope, according to new statistics from Jisc.

The disclosure comes as the not-for-profit ed-tech company, which provides most colleges in the UK with IT services including a high level of protection against cyberattacks through its Janet Network, faces serious cuts to its government funding. 

From next year, the Department for Education will reduce funding for Jisc, and college leaders will have to decide whether to sign up independently to Jisc’s services or look elsewhere for a cheaper, but potentially less secure, service. Jisc said it is being forced to move to a “mixed-funding model” in England.

‘It has always been there’

One of the methods criminals are using against colleges is distributed denial of service (DDoS) attacks. Criminals will arrange for multiple computers, often based all over the globe, to repeatedly open a website at the same time. This floods the targeted network’s servers with a huge amount of web traffic, which can knock them offline, meaning other users cannot access web-based services.

A quarter of colleges suffered a DDoS attack last year. Both the number of colleges being hit and the frequency of attacks is on the rise, according to Jisc. There were, on average, 12 DDoS attacks per week against colleges in the UK in the first three months of this year - an increase of 27 per cent compared with the same period last year, with twice as many colleges being hit.

Robin Ghurbhurun, principal at Richmond upon Thames College, pointed out that many leaders in FE were not aware of the service they receive from Jisc because “it has always been there”. He added: “If we look at cybersecurity, my college could literally be under attack and I wouldn’t even know about it because of the strength of service Jisc provides.”

‘Fourth emergency service’

Jisc chief executive Paul Feldman said the security the company offers means that colleges are among the mostwell-protectedd of any UK business or industrial sector, adding: “To our members, we are the fourth emergency service.”

With the new subscription model, the “majority of colleges” could expect to pay in the region of £20,000 a year for the services they currently get for free from Jisc - with large college groups potentially facing annual subscription bills of more than £100,000.

Julian Gravatt, deputy chief executive of the Association of Colleges, said cyber security was one of the biggest issues facing all organisations. He added: “Big and small, and colleges are no exception. It is worth reminding the government that college budgets have been hit harder than any other part of the education system over the past eight years and cuts to Jisc funding will make it more difficult to protect against cyber intrusions, and as a result, colleges are potentially more vulnerable.

“We will continue to work with Jisc and other partners to ensure that colleges are properly equipped to tackle current and future challenges, while continuing to push the government to fairly fund FE.”

A DfE spokesperson said: “Colleges must take responsibility for their own cybersecurity and ensure they have good measures in place to protect against online threats. Our grant to Jisc ensures they are able to provide a secure and high-quality service at an affordable cost to colleges.

“Cybersecurity is a top priority for the government. We are investing £1.9 billion in the national cybersecurity strategy and have opened the National Cyber Security Centre, which is working with public and private sector organisations to make the UK the safest place for everyone to live and work online.”

This is an edited version of an article in the 11 May edition of Tes. Subscribers can read the full article here. To subscribe, click here. This week’s Tes magazine is available at all good newsagents. To download the digital edition, Android users can click here and iOS users can click here.