CAIRO— Arab universities need better protection from the risks that the digital age has brought with it, a new report and interviews with experts indicate.
A report by the security firm Fire Eye about cyber threats in Europe, the Middle East, and Africa found that malware attacks nearly doubled in the first half of 2015. Saudi Arabia was among the top ten most vulnerable countries in the region, the report said, and the education sector was among the most vulnerable in that country.
Due to the frequent use by Saudi students and professors of computer networks for learning and teaching, universities have a large degree of exposure to cyberattacks, the report said.
Arab universities aren’t alone in their vulnerability. A similar 2014 report by Educause, a nonprofit group focused on information technology in higher education, found that between 2005 and 2014, educational institutions in the United States had the second largest number of reported security breaches of any industry.
Hackers are attempting to access a wide range of information. “Universities maintain information on students and staff that should be protected,” says Eugene Spafford, founder and executive director of the Center for Education and Research in Information Assurance and Security at Purdue University.
“That information may be personal information, medical details or financial data,” he adds. Cyber criminals also target research results and patent filings too.
“Last of all, universities tend to have large amounts of computing capability,” he explains. Attackers who gain control of this can use it to attack of other targets and store stolen information and prohibited content.
There have been several successful cyberattacks on Arab universities as a result of weak security, says Ahmad Ali Al Ananbeh, a lecturer in computer information systems at Al Jouf University in Saudi Arabia.
“At the end of May 2015, a hacker in Saudi Arabia claimed to have hacked and stolen information from a Saudi university’s network,” he explains, “including the personal details, academic results and schedules of 4,000 university students.”
Arab universities need to do more to protect themselves, says Mohammad Al-Khatib, assistant professor at the College of Computer and Information Sciences at Al-Imam Muhammad Ibn Saud Islamic University in Saudi Arabia. “Universities in the Middle East need to develop and improve their strategies for information security,” he says. “The region has been ranked among the areas most vulnerable to cyber-attacks.”
Izzat Mahmoud Alsmadi, an associate professor in software engineering at Yarmouk University agrees. “Any security attack on such websites can harm the university from several perspectives, including service availability, credibility, and privacy,” he says.
Some universities are better doing better than others at managing the risk. Alsmadi’s assessment of 20 universities in Jordan concluded that a significant number of them have critical and severe levels of vulnerability. For confidential reasons and out of fear of making them more of a target, he would not name which universities are especially at risk.
Experts say there isn’t really a clear way forward. Joma Cabales, manager of information technology at the British University in Dubai says: “There is a lack of transparency on this subject. Cyberattacks and incidents are often not reported and kept as a confidential matter.” He adds that there are no real guidelines from the authorities for universities to follow. Other experts agreed that universities should have well-established security policies supported by government regulations.
Educause has produced a security guide to provide practical advice for the information-technology departments of universities.
The advice includes increasing awareness of the issue among the student body and faculty members, creating a dedicated unit to deal with information security and creating a document that outlines a university’s coordinated cyber security policy.
Cyberattacks and the methods hackers use are constantly evolving. The best defense is therefore to use the most up-to-date technology and encryption systems out there, says Al-Khatib. That can require a significant investment on the university’s part—a tough decision when resources are stretched.