Fighting Cyber Crime in Academia Requires a Collective, Coordinated Effort

Research universities store a lot of personal data in their computer networks. Unfortunately, keeping that data safe and protected (e.g. preventing data breaches, ensuring data privacy, and safeguarding the licensing of peer-reviewed research) isn’t easy. An article in this month's issue of Against the Grain, "Beyond Sci-Hub: Cyber Challenges for the Scholarly Communications Industry," notes that the education sector is the third largest target for cyber-attacks—placing it ahead of retail.

The article shares striking examples of the damaging effects hacking can have on universities, both financially and in terms of research integrity. For example:

• Rutgers University reportedly had to spend $3 million on cybersecurity
• In the UK, state-sponsored espionage was reported by the National Cyber Security Centre to have damaged the value of research at some universities, particularly in STEM subjects
• At the affected universities, damage to the value of research resulted in a drop in private or public sector investment

Co-authored with two other members of the Scholarly Networks Security Initiative (Rick Anderson, associate dean for collections and scholarly communication at the University of Utah's Marriott Library; Robert Boissy, Springer Nature's director of account development) it addresses this critical question:

“How do we balance the need for access, while also protecting ourselves, our assets, those for whom we are responsible, and the quality of the academic record from criminals?"

In a blog post last year, we shared our key takeaways from the 2019 Information Security Summit, which offer insight into that question, including these dire statistics about the threat of cybercrime in academia:

• Hackers attack every 39 seconds
• A breach can cost organizations an average of $150 million
• In 2018, more than 500 million records were stolen
• Most companies take months before they even detect a breach has happened, others are not even aware until they are informed by a third party
• Education records and university login credentials can fetch more than credit card numbers on the black market

On the flip side, perhaps the most important takeaway from the 2019 Summit was that most hacking events are likely due to human error. That’s hopeful news, because it means that protecting campus systems, networks, and programs from digital attacks is within our reach. But in order to reduce human error, institutions need to train people better on the technologies and "always do more than is required to protect their network information."

The ATG article makes a similar argument, emphasizing that in order to mitigate the risk of cybercrime in a lasting way, publishers, librarians, and network security staff must all work together to ensure institutions can implement and uphold network systems that balance data safety with easy access to research.

The article also examines the role of Sci-Hub and similar sites, which are often applauded for democratizing access to scholarly research—but which make it difficult for institutions to achieve this balance. Importantly, however, is to note that Sci-Hub's activities "are not the only threat to the scholarly communications ecosystem and the integrity of the academic record, and this issue goes beyond that of the illegal accessing of academic research." In short, more than scientific articles are stolen when a university’s server is breached.

The Scholarly Networks Security Initiative is a collective of scholarly communications stakeholders who have joined together to solve the cyber challenges in academia. To learn about some of the successful initiatives currently underway, ongoing challenges, and the group’s outreach efforts, you can read the full article here.