Cybersecurity in UK Universities: mapping (or managing) threat intelligence sharing within the higher education sector

Higher education has recently been identified as a sector of concern by the UK National Cyber Security Centre (NCSC). In 2021, the NCSC reported that universities and higher education institutions (HEI) had been exponentially targeted by cyber-criminals. Existing challenges were amplified or highlighted over the course of the global pandemic when universities struggled to continue to function through hybrid and remote teaching provision that relied heavily on their digital estate and services. Despite the value of the sector and the vulnerabilities within it, higher education has received relatively little attention from the cybersecurity research community. Over 2 years, we carried out numerous interventions and engagements with the UK higher education sector. Through interviews with cybersecurity practitioners working in the sector as well as roundtables, and questionnaires, we conducted a qualitative and quantitative analysis of threat intelligence sharing, which we use as a proxy for measuring and analysing collaboration. In a unique approach to studying collaboration in cybersecurity, we utilized social network analysis. This paper presents the study and our findings about the state of cybersecurity in UK universities. It also presents some recommendations for future steps that we argue will be necessary to equip the higher education sector to continue to support UK national interests going forward. Key findings include the positive inclination of those working in university cybersecurity to collaborate as well as the factors that impede that collaboration. These include management and insurance constraints, concerns about individual and institutional reputational damage, a lack of trusted relationships, and the lack of effective mechanisms or channels for sectoral collaboration. In terms of the network itself, we found that it is highly fragmented with a very small number of the possible connections active, none of the organizations we might expect to facilitate collaboration in the network are playing a significant role, and some universities are currently acting as key information bridges. For these reasons, any changes that might be led by sectoral bodies such as Jisc, UCISA or government bodies such as NCSC, would need to go through these information brokers

Do you influence me? Evidence from a case study of network ties among university students in Pisa

Social influence occurs when the behavior of an individual is affected by an outside force, such as other individuals. While there is growing literature on influence flows in primary and secondary school, little is known about how influence process occurs in the university. We propose taking advantage on a representative sample of advice-seeking networks at university level to assess social patterns of how individual and socio-economic characteristics influence students. We formulate and test our approach using data on cohort of students enrolled at the same master’s course at an Italian University and analyse the network of interactions as potential influence conduits for their academic outcomes. By using the network autocorrelation model, we find that network interactions are a significant indicator for the outcomes. We also explore the effect of the built environment on encouraging social interactions among students and consequently their outcomes. Our results provide empirical evidence on the ongoing influence operating through a system of advice relations that explains academic outcomes in educational fields

Cybersecurity in UK universities: mapping (or managing) threat intelligence sharing within the higher education sector

Higher education has recently been identified as a sector of concern by the UK National Cyber Security Centre (NCSC). In 2021, the NCSC reported that universities and higher education institutions (HEI) had been exponentially targeted by cyber-criminals. Existing challenges were amplified or highlighted over the course of the global pandemic when universities struggled to continue to function through hybrid and remote teaching provision that relied heavily on their digital estate and services. Despite the value of the sector and the vulnerabilities within it, higher education has received relatively little attention from the cybersecurity research community. Over 2 years, we carried out numerous interventions and engagements with the UK higher education sector. Through interviews with cybersecurity practitioners working in the sector as well as roundtables, and questionnaires, we conducted a qualitative and quantitative analysis of threat intelligence sharing, which we use as a proxy for measuring and analysing collaboration. In a unique approach to studying collaboration in cybersecurity, we utilized social network analysis. This paper presents the study and our findings about the state of cybersecurity in UK universities. It also presents some recommendations for future steps that we argue will be necessary to equip the higher education sector to continue to support UK national interests going forward. Key findings include the positive inclination of those working in university cyber security to collaborate as well as the factor s that impede that collaboration. These include management and insurance constraints, concerns about individual and institutional reputational damage, a lack of trusted relationships, and the lack of effective mechanisms or channels for sectoral collaboration. In terms of the network itself, we found that it is highly fragmented with a very small number of the possible connections active, none of the organizations we might expect to facilitate collaboration in the network are playing a significant role, and some universities are currently acting as key information bridges. For these reasons, any changes that might be led by sectoral bodies such as Jisc, UCISA or government bodies such as NCSC, would need to go through these information brokers

Qualitative factors in organizational cyber resilience

Cyber resilience moves organizations away from efforts to guarantee security of all systems, towards an approach that acknowledges that systems are bound to fail with a focus instead on the impact of that failure on business objectives. While the work on cyber resilience is evolving, there is a lack of studies using qualitative data for investigating the concepts and themes pertaining to cyber resilience in organizations. The purpose of this study is to uncover the non-technical organizational factors that contribute to better cyber resilience. By adopting a qualitative approach of analyzing factors of organizational resilience, this paper uses primary data collected through 25 interviews at senior leadership or board-level to point out the extent to which these factors facilitate or impede cyber resilience. The study illustrates a Leximancer map of each factor that characterizes organizational cyber resilience, based on insights from cyber practitioner communities through narrative interviews. This research contributes to a better theoretical and practical understanding of how cyber resilience within organizations can be improved. The findings show that cyber strategy and skilled people play a key role in adoption of cyber culture at the management level, while communication between boards and security leadership as well as a clear reporting structure are signals for building cyber resilience

The UK code of practice for consumer IoT cybersecurity: where we are and what next

This report has been produced by the Geopolitics of Industrial Internet of Things Standards (GISt) research project led by Professors Madeline Carr and Stephen Hailes, and the Building Evidence for CoP Legislation (BECL) research project led by Dr Saheli Datta Burton and commisioned by the Secure-by-Design team of the United Kingdom Department of Digital, Culture, Media and Sport (DCMS). Both GISt and BECL projects are held at the Department of Science, Technology, Engineering and Public Policy (STEaPP), University College London and funded by The PETRAS National Centre of Excellence for IoT Systems Cybersecurity, a consortium of leading UK universities dedicated to understanding critical issues in the privacy, ethics, trust, reliability, acceptability, and security of the Internet of Things. Funding for PETRAS is provided by the UKRI’s Strategic Priorities Fund as part of the Security of Digital Technologies at the Periphery (SDTaP) programme

A decade of studies on cyber security training in organizations using social network analysis: a systematic literature review through keyword co-occurrence network

In recent years cyber security training has become crucial to all organizations in order to be compliant with regulations and remain competitive in the market. To understand how vulnerabilities due to lack of employee awareness can be avoided and how organizations can provide useful training, a scientific systematic review is conducted. While traditional systematic review studies focus on analyzing publication trends, country of publication, or author affiliations, this research performs a systematic review of the field by mapping the existing state of research based on topic clustering and social network analysis. Network analysis using keyword co-occurrence is deemed to be advantageous as it enables identification of research themes and how they have evolved. The systematic review follows a four step process: data collection on cyber security training from the Web of Science database; data filtering to avoid duplicates and identify the core papers; network analysis creating the cooccurrence networks using these papers; and analyzing the patterns among key words that emerge in the literature. This research reveals the trends of core topics on cyber security training in organizations. By using the quantitative and rigorous research approach for conducting a systematic review of cyber security training in organizations in the cybersecurity field, this research contributes to filling the gap on cyber security training review. The findings highlight the trend towards adopting immersive technologies that provide insight into the employees’ cyber behavior before developing effective training

The Wandsworth healthcare ecosystem: an interorganizational perspective

Recent industry trends and technological advancements call for a change in the way organisations and industries operates. Progressively, activities in the past carried out by separate units are performed by a network of organisations of different nature, which need to collaborate to exchange information and resources to meet the fast-changing needs of users and customers. While this move from production to co-production models offers new opportunities, as tapping on diverse and richer resource pools, it raises new challenges. Establishing and managing interorganisational relationships requires resources and efforts, knowledge and awareness of potential partners and an approach open to adaptation, learning and change. Also due to these challenges a number of network managers emerged in recent years in different settings. The objective of such network managers is to facilitate collaboration, encouraging network members to engage with different stakeholders, promoting a sense of trust and overcoming the barriers to collaboration, such as the differences in organisational cultures and the competition for often limited resources. All these changes are taking place in the healthcare industry as well, where new players, often from the voluntary sector, now cover a fundamental role in identifying and addressing the needs of users. Integrating the skills and competences of voluntary and faith based organisations and non-traditional actors in the system with more established ones offers unique opportunities, but also specific challenges to be addressed. All these issues are explored in this report with specific focus on the healthcare ecosystem of Wandsworth, an area where for many years, also thanks to a very active network manager, a number of different players collaborate to improve the provision of healthcare services. Using a multi-method approach, integrating qualitative interviews, multiple-choice questionnaires and network analysis and visualisations, the study detects an extremely lively local collaboration network. At the same time, however, some vulnerabilities in the network are identified, mainly in relation to the role of some essential key-players, the perceived limited availability of resources and the difficulties in integrating very diverse organisational cultures and institutional practices. Findings from the study are used to put forward 11 recommendations to promote, manage and monitor the local collaboration network