Blaming students for cyber-attacks on universities is nonsensical and offensive

There is no doubt that anxiety over cybersecurity and data protection is on the rise. Even the most stubborn ostriches will find it hard to plant their heads in the sand over the dangers currently faced by the prevalence and detail of our online profiles. I’d like to say this is because of a newfound conscientiousness and rebellion against the machines and the people behind them, but it’s probably because of BBC’s Bodyguard. Is it really that easy to track, hack and research the average Joe? It’s probably easier.

This article is not about cybersecurity however, but cyberterrorism. Reserach from the organisation Jisc has found a correlation between cyber-attacks on universities and the times students and staff are in university – term time and during the working day. Numerous articles have been published seemingly supporting this link, suggesting it is students behind this cyberterrorism. This is unlikely for lots of reasons, but I will try to explore them in a calm and objective way that does not make me sound like a panicked cyberterrorist that has been rumbled. 

First of all, the suggestion that the attacks increase during term time implicates students seems thin to say the least. According to the research, the attacks increased from 8am or 9am and then decreased towards the early afternoon. There was also a drop in attacks during the Christmas, Easter and summer breaks with the attacks resuming once terms start again. Journalists have jumped on the chance to blame students, with articles from the BBC, ITV and Techradar all supporting the hypothesis. There has been no real opposition to this viewpoint – no questions of the narrative. The idea that cybercriminals know that this is a good time to target the system to shift the blame has gone largely unnoticed. It is also important to remember that when term starts in September, thousands of new freshers’ information is being added to databases – data that cybercriminals could vastly profit from.

According to McAfee research, education is the fourth most targeted sector, even coming ahead of finance and retail. Intellectual property and student records are immensely valuable resources and should be recognised as such. Instead of speculating on how students could be trying to cause chaos for “fun” or “kudos among peers”, perhaps we should be considering the implications of our data in the hands of cybercriminals and protect it accordingly.

Data privacy expert Nigel Hawthorn argues that “Universities must first and foremost recognise the value of the data they protect, and therefore its appeal to cybercriminals. It is also crucial that security is built in from the outset with robust processes.” Besides, this isn’t high school. Students aren’t disaffected John Benders throwing toys out the pram for having to go to class – we chose this. We worked hard to get here. We put ourselves in quite a lot of debt to get here. It isn’t impossible that students would sabotage their university out of spite, but it also isn’t as likely as most of these articles seem to portray.

As university students, we know better than anyone how hated millennials are, but this is a new low. The generation that can’t afford to buy their own houses have already had to shoulder the blame for mistakes set up by earlier generations. Give students the blame for talking in the library, fine. Give students the blame for making avocados a staple food, sure. But please don’t lay cyberterrorism in our own universities at our door. As if any of us have the time.


Leave a Reply

Your email address will not be published. Required fields are marked *