Cyber-attack information

Jordan Gifford made this Freedom of Information request to Swansea University

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Dear Swansea University, could you please forward these questions onto the correct department and/or personnel.

1) Between September 2016 - December 2017, has your university been targeted via a cyber-attack?
A) - Yes
B) - No

2) Between September 2016 - December 2017, how many cyber-attacks has your university encountered?
A) - Under 50 attacks
B) - 50 - 100 attacks
C) - 150 - 200 attacks
D) - Greater than 200 attacks

3) Between September 2016 - December 2017, which cyber-attacks has your university encountered? (Please choose which are applicable.)
A) - Phishing attacks
B) - Spear phishing attacks
C) - Ransomware attacks
D) - SQL injection attacks
E) - Rootkit attacks

4) How many phishing attacks has your university encountered?
(Please base your answer between September 2016 - December 2017.)
A) - Under 100 attacks
B) - 100 - 200 attacks
C) - 300 - 400 attacks
D) - Greater than 400 attacks

5) From research, many universities across the country have been targeted via a number of phishing campaigns. What impact have they had on your university?

6) From research, there has been successful phishing campaigns across many universities. When considering that both students and lecturers can be victims, who has been affected the most?
A) - Students
B) - Lecturers

7) How many targeted spear phishing attacks has your university encountered?
A) - Under 25 attacks
B) - 25 - 50 attacks
C) - 50 - 75 attacks
D) - 75 - 100 attacks
E) - Greater than 100 attacks

8) What impact has spear phishing attacks had on your university?

9) How many ransomware attacks has your university encountered?
(Please base your answer between September 2016 - December 2017.)
A) - Under 25 attacks
B) - 25 - 50 attacks
C) - 50 - 75 attacks
D) - 75 - 100 attacks
E) - Over 100 attacks

10) When a Ransomware attack was triggered, how quickly was it resolved?
A) - Resolved Immediately
B) - Resolved within and under 24 hours
C) - Resolved between 1 - 2 days
D) - Resolved after 3 or more days

11) Considering that ransomware affects the availability of a system or systems,
please describe the impact that ransomware has had on your university institution.

12) How many SQL injection attacks has your university encountered?
(when contemplating the number of attacks, please include attempted attacks and
unfortunate successful attacks and Please base your answer between September 2016 - December 2017.)

A) - Under 100 attacks
B) - 100 - 200 attacks
C) - 200 - 300 attacks
D) - 300 - 400 attacks
E) - Over 400 attacks

13) What impact has SQL injection attacks had on your university?

14) How many rootkit attacks has your university encountered?
A) - Under 5 attacks
B) - 5 - 10 attacks
C) - 10 - 20 attacks
D) - Over 20 attacks

15) What impact has rootkit attacks had on your university?

16) When considering the different types of cyber-attacks, that many university institutions are targeted with, how would you class your current and existing security controls?
A) - Inadequate
B) - Good
C) - Adequate
D) - Excellent

17) Do you believe your existing and current IT infrastructure will protect you from cyber-attacks that may occur in the next 18 months?
A) - Yes
B) - No

18) Should more funding be given to IT Security to help improve and maintain the current security that is already in place within your university institution?
A) - Yes
B) - No

Yours faithfully,
Jordan Gifford

Francis-Morris R.I., Swansea University

Dear Jordan

 

I write to advise that I am in receipt of your request dated01/02/2018,
for information relating to Cyber Security.

 

This email confirms that your request has now been passed to the
University Compliance Officer who will review the contents of your request
and establish if a) your request is valid under the FOI Act and b) if any
further clarification is required from you to allow us to progress
further.

 

Should you wish to contact us regarding your request, please quote
reference number FOI 139/17-18 on any correspondence. 

 

Kindest Regards

 

 

Rhydian Francis-Morris

Paralegal/Paragyfreithiwr

Legal Services Team/Gwasanaethau Tìm Cyfreithiol

 

Vice-Chancellor’s Office/Swyddfa’r Is-Ganghellor

Room 7 | Ystafell 7

Abbey Building | Adeilad yr Abaty

Swansea University/Prifysgol Abertawe

Singleton Park/Parc Singleton

SA2 8PP

 

Tel/Ffon: 01792 602812

Email/e-bost: [1][email address]           

 

The University welcomes correspondence in Welsh and English/Mae'r
Brifysgol yn croesawu gohebiaeth yn Gymraeg ac yn Saesneg.

 

Please don't print this e-mail unless you really need to/Peidiwch ag
argraffu'r e-bost hwn oni bai fod gwir angen gwneud hynny

 

The contents of this e-mail are confidential and for the intended
recipient only. If you have received this message in error, please inform
the sender and delete the message/Mae cynnwys yr e-bost hwn yn gyfrinachol
a dim ond y derbynnydd a fwriadwyd a ddylai ei ddarllen. Os derbynioch y
neges mewn camgymeriad, rhowch wybod i'r anfonydd a dilewch y neges.

 

Swansea University is a registered charity. No. 1138342/Mae Prifysgol
Abertawe yn elusen gofrestredig. Rhif.1138342

 

References

Visible links
1. mailto:[email address]

Francis-Morris R.I., Swansea University

Dear Jordan

 

I write in relation to your request FOI 139/17-18, requesting:

 

Clarification on what is meant by “targeted spear phishing attacks”

 

It is not possible to progress your request at this time, as clarification
is needed from you to enable us to locate the information you have asked
for.

 

In line with the Freedom of Information Act 2000 Section 10(6), the 20
working day timescale will start the day after the University receives the
necessary clarification. If we do not receive clarification from you then
your request will be closed 20 working days from the date of this email.

 

Kind Regards

 

 

Rhydian Francis-Morris

Paralegal/Paragyfreithiwr

Legal Services Team/Gwasanaethau Tìm Cyfreithiol

 

Vice-Chancellor’s Office/Swyddfa’r Is-Ganghellor

Room 7 | Ystafell 7

Abbey Building | Adeilad yr Abaty

Swansea University/Prifysgol Abertawe

Singleton Park/Parc Singleton

SA2 8PP

 

Tel/Ffon: 01792 602812

Email/e-bost: [1][email address]           

 

The University welcomes correspondence in Welsh and English/Mae'r
Brifysgol yn croesawu gohebiaeth yn Gymraeg ac yn Saesneg.

 

Please don't print this e-mail unless you really need to/Peidiwch ag
argraffu'r e-bost hwn oni bai fod gwir angen gwneud hynny

 

The contents of this e-mail are confidential and for the intended
recipient only. If you have received this message in error, please inform
the sender and delete the message/Mae cynnwys yr e-bost hwn yn gyfrinachol
a dim ond y derbynnydd a fwriadwyd a ddylai ei ddarllen. Os derbynioch y
neges mewn camgymeriad, rhowch wybod i'r anfonydd a dilewch y neges.

 

Swansea University is a registered charity. No. 1138342/Mae Prifysgol
Abertawe yn elusen gofrestredig. Rhif.1138342

 

References

Visible links
1. mailto:[email address]

Dear Francis-Morris R.I.,
regarding clarification of a targeted spear phishing attack, a targeted spear phishing attack is similar to a phishing attack in terms of the method of attack however, a targeted spear phishing attack is commonly targeted at selected and identified individuals within an organisation and the email received for example, would be tailored to their interests. A targeted spear phishing attack is a method used to extract financial information, personal information and login credentials from a selected individual, that can later result in breaches against confidentiality and sometimes integrity.

Yours sincerely,
Jordan Gifford

Rhys-Thomas T.C., Swansea University

1 Attachment

Dear Jordan,

 

Your request has been considered under the provisions of the Freedom of
Information Act 2000 and our response is attached.

 

I trust this information is of assistance to you but please contact me if
you have any questions in relation to this response.

 

If you are dissatisfied with the University’s determination of your
application you may in the first instance request an internal review by
contacting Louise Woollard, Director of Services
[1][email address]

 

Please click on the link below for further information in relation to the
Freedom of Information Appeals process.

 

[2]http://www.swansea.ac.uk/the-university/...

 

 

Kind Regards

 

 

Teresa Rhys-Thomas
University Compliance Officer (Data Protection / Freedom of Information)|
Swyddog Cydymffurfiaeth y Brifysgol (Diogelu Data / Rhyddid Gwybodaeth)

Vice-Chancellor’s Office| Swyddfa’r Is-Ganghellor

Abbey Building | Adeilad yr Abaty
Swansea University | Prifysgol Abertawe
Singleton Park | Parc Singleton
Swansea | Abertawe
SA2 8PP

Phone | Ffôn 01792 606107
Email | Ebost [email address]

[3]www.swansea.ac.uk | [4]www.abertawe.ac.uk

 

GDPR - Are you Ready? Please visit our [5]website for further information
| Y Rheoliad Diogelu Data Cyffredinol- Ydych chi'n Barod? Am fwy o
wybodaeth, ewch i'n [6]gwefan
The University welcomes correspondence in Welsh and English | Mae'r
Brifysgol yn croesawu gohebiaeth yn Gymraeg a’r Saesneg

Please don't print this e-mail unless you really need to. | Peidiwch ag
argraffu’r e-bost hwn oni bai fod gwir angen gwneud hynny.
The contents of this email are confidential and for the intended recipient
only. If you have received this message in error, please inform the sender
and delete the message.

Mae cynnwys yr ebost hwn yn gyfrinachol a dim ond y derbynnydd a fwriadwyd
a ddylai ei ddarllen. Os derbynioch y neges mewn camgymeriad, rhowch
wybod i’r anfonydd a dilëwch y neges.

Swansea University is a registered charity. No. 1138342 | Mae Prifysgol
Abertawe yn elusen gofrestredig. Rhif. 1138342

 

Please ensure that when sending personal data, you adhere to the
University’s policy on Security of Personal Data which can be accessed via
the link below.

 

[7]http://www.swansea.ac.uk/the-university/...

 

References

Visible links
1. mailto:[email address]
2. http://www.swansea.ac.uk/the-university/...
3. http://www.swansea.ac.uk/
4. http://www.abertawe.ac.uk/
5. http://www.swansea.ac.uk/the-university/...
6. http://www.swansea.ac.uk/cy/y-brifysgol/...
7. http://www.swansea.ac.uk/the-university/...