CSA Warns Universities Against Cyber Risks After Nottingham Attack

The Cyber Security Authority (CSA) has cautioned universities and other institutions operating critical digital systems to take urgent steps to strengthen their cybersecurity measures following a recent cyber-attack on the University of Nottingham in the United Kingdom.

The Authority said the incident, which reportedly affected about 450,000 students and alumni of the UK-based institution, should serve as a wake-up call for educational institutions in Ghana and across other critical sectors.

According to the CSA, the attack exposed sensitive information belonging to students and former students, including personal records, contact details, identification information and financial data.

In a statement, the CSA urged all CII operators, particularly universities, to comply with the Directive for the Protection of Critical Information Infrastructure launched in October 2021, as part of measures to protect essential digital systems and services.

“Following a recent cyber-attack on the University of Nottingham in the United Kingdom, the Cyber Security Authority (SA) is cautioning all Owners of Critical Information Infrastructure (CII), especially educational institutions, to adhere to the Directive for the protection of CII, launched in October 2021” part of the statement reads.

The Authority explained that Ghana’s universities are undergoing rapid digital transformation, with many institutions increasingly relying on student information systems, online learning platforms, cloud-based services, digital payment solutions and international research collaborations.

The Authority used the opportunity to remind owners of Critical Information Infrastructure (CII), especially educational institutions, to comply with the Directive for the Protection of CII introduced in October 2021.

“Recognising the growing threat landscape, the SAhas developed regulatory frameworks aimed at strengthening cybersecurity across critical sectors. The CII Directive seeks to ensure that operators of critical digital systems implement appropriate safeguards to protect essential services and national interests.

The Directive encourages organisations to establish cybersecurity governance structures, conduct risk assessments, implement security controls, report incidents, perform regular audits, and develop robust incident response capabilities to reduce the likelihood and impact of cyber-attacks” the statement concluded.

READ FULL PRESS RELEASE:

CSA CAUTIONS UNIVERSITIES TO ADHERE TO THE CII DIRECTIVE FOLLOWING THE UNIVERSITY OF NOTTINGHAM CYBER-ATTACK

Following a recent cyber-attack on the University of Nottingham in the United Kingdom, the Cyber Security Authority (SA) is cautioning all Owners of Critical Information Infrastructure (CII), especially educational institutions, to adhere to the Directive for the protection of CII, launched in October 2021.

The University of Nottingham incident should serve as a reminder that no educational institution, regardless of its size, reputation, or technological sophistication, is immune to cyber threats. The incident is believed to have affected approximately 450,000 students and alumni, exposing sensitive information, including personal records, contact information, student identification details, and financial information.

While the breach may have occurred thousands of miles away from Ghana, its implications are relevant to our education sector and other CII sectors, such as Health, Telecommunications, and Transportation.

Ghana’s universities are undergoing rapid digital transformation with student information systems, online learning environments, cloud services, digital payment platforms, and research collaborations becoming increasingly common. While these innovations improve efficiency and accessibility, they also expand the attack surface available to cybercriminals. The question is therefore not whether Ghanaian universities or other critical sectors will be attacked, but whether they are sufficiently prepared when an attack occurs.

The Directive for the Protection of CII

Recognising the growing threat landscape, the SAhas developed regulatory frameworks aimed at strengthening cybersecurity across critical sectors. The CII Directive seeks to ensure that operators of critical digital systems implement appropriate safeguards to protect essential services and national interests.

The Directive encourages organisations to establish cybersecurity governance structures, conduct risk assessments, implement security controls, report incidents, perform regular audits, and develop robust incident response capabilities to reduce the likelihood and impact of cyber-attacks.

Issued by the Cyber Security Authority