TECHNOLOGY
campusreview.com.au
Enter the ‘cyber beast’
Universities not ready for
digital era threats.
By Wade Zaglas
A
new report has warned that
Australian education institutions are
ill-prepared for the cybersecurity
threats of the digital age.
Commissioned by cybersecurity group
Cisco, the report provides clues as to why
successful cyber attacks are happening
more often and causing more harm.
First, it found that Australian education
institutions had a low overall confidence
in their cyber strategy and approach. It
also found that institutions had a “patchy
understanding” of the origins of the threats,
and there were “concerning gaps in
organisational preparedness”.
For example, “nearly half of all institutions
didn’t believe that people in senior roles
knew what to do in the event of a cyber
breach, or that a communications strategy
was in place”.
The changing landscape of cyber threats
to education was another clue found.
Despite these findings, more than half
of the institutions surveyed considered
cybersecurity as one of the board/
council’s “top three priorities” and that
cybersecurity spending is “increasing by
more than 30 per cent year on year”.
Indeed, now that education institutions
are realising the “size and nature of the
beast”, one institution surveyed plans to
increase spending on cybersecurity by
200 per cent next year.
“In large organisations, such as tertiary
institutions, there’s a chance that someone
will click on ‘that malicious link’,” said
Steve Moros, cybersecurity at director Cisco
Australia and New Zealand.
“The challenge is to ensure that an
organisation’s underlying infrastructure is
designed to block that threat, reduce the
time taken to discover the threat, limit the
damage of a threat, and identify patterns
at a system level so similar threats can be
avoided in the future.”
Such “underlying infrastructure” helps to:
1. Block that threat
2. If breached, ensure a reduced time is
taken to discover the threat
3. Limit the financial and reputational
damage of the threat
4. Identify patterns at an institute and
system level so that similar threats can
be avoided in the future.
“Universities and tertiary institutions have
a vast attack surface with the increasing
number of devices connecting to
their networks through their students,”
Moros said. “We see the majority of
respondents planning to invest in multi-
factor authentication and zero trust
technologies ... to strengthen their
defences against user credential attacks.”
Up until five years ago, attackers
mainly targeted student, financial and
research data held at Australian education
institutions, but reports are emerging
about cyber criminals desiring to attack
institutions that promote themselves as
cybersecurity experts. For the malicious
Nearly half of all institutions
didn’t believe that people in
senior roles knew what to do in
the event of a cyber breach.
cyber expert, Moros said, “institutional
claims of cyber excellence may be
perceived as an invitation to attack, and
sometimes this threat can be within their
own student population”. ■
27