campusreview . com . au
ON CAMPUS
Wake-up call
Unis need better protection to ensure the integrity of their COVID-19 vaccine research .
By Geoff Schomburgk
Research for a COVID-19 vaccine
is happening worldwide and is a vital factor in helping combat the coronavirus pandemic . Concerning reports are emerging from intelligence agencies in the UK , USA and Canada saying they have identified hacking attempts and cyberattacks aimed at their vaccine researchers , which leads us to a critical question .
Academic institutions on the front lines of this life-saving research need a smooth and seamless way to protect their intellectual property . At the bare minimum , privileged users handling highly sensitive research information need to be better protected against state-sponsored perpetrators and other malicious actors to avoid successful breaches .
SUB-PAR SECURITY PERSISTS AT UNIVERSITIES
While many Australian universities have established cybersecurity research centres and even offer degrees in cybersecurity , there is a significant gap in data protection protocols as many are still falling victim to account takeovers and theft of the personal information of students .
According to Verizon ’ s 2020 Data Breach Investigation Report , 30 per cent of hacking attacks in Asia Pacific used stolen
credentials or exploited vulnerabilities against web applications , and 92 per cent of breaches in the education sector globally involved financially motivated actors . This report also found that 51 per cent of breaches in the education sector involved the use of stolen credentials from phishing or hacking attacks .
Recently , hackers infiltrated the systems at ANU , highlighting the continued risks for universities in the wake of a global pandemic .
However , these types of threats have been occurring regularly over the past couple of years with the prime purpose being IP theft . As recently as two years ago , a staggering 26 Australian universities were targeted by a group of nation-state hackers . The victimised universities included ANU , Queensland University of Technology and Monash University .
INCREASING RISK FACTORS Universities commonly adopt a Bring Your Own Device ( BYOD ) environment , further elevating the security risk with the use of personal computers , tablets , mobiles and other smart devices brought into educational institutions by research staff , lecturers and students .
Additionally , many research environments prohibit the use of mobile phones and biometrics , such as fingerprints for mobile phonebased authenticators , pose challenges due to the use of personal protective equipment ( PPE ).
With an increase in educational activities delivered online , cybersecurity incidents are more likely to prevent students from accessing course materials , endanger research projects and jeopardise the chance of gaining future research funding due to a loss of trust .
MFA PROTECTION FOR OUR UNIVERSITIES
One of the eight recommended mitigation strategies of the Australian Cyber Security Centre ’ s Essential Eight is Multi-Factor- Authentication ( MFA ), which is one of the most effective controls a university can implement to prevent an adversary from gaining access to its network to steal research data and other valuable IP . In fact , Monash University deployed MFA for 130,000 users after a series of nation-state attacks .
However , MFA adoption is currently low and generally poorly implemented in Australian universities . If it is present , it is usually for a narrow use case such as privileged users , like IT admins or faculty staff handling sensitive information such as finances or grants .
While MFA should be implemented wherever possible in the academic world , it is particularly important to protect users with access to highly sensitive data repositories such as research teams , or those that need to log in remotely via VPNs , RDP , SSH and other remote access technologies .
AVOIDING CYBERSECURITY ATTACKS
Ultimately , reliable security is critical to upholding the integrity of university education and research , making any cybersecurity incident a severe consequence for any institution .
For university executives , the impact of a cybersecurity breach is just as serious a concern for its reputation as a centre of learning as it is for the privacy of research staff and their work .
Implementing MFA will enable valuable research being carried out to find a vaccine for COVID-19 to stay secure until it is ready to be published . It will also help universities to build a strong cybersecurity posture for all of their systems , which will ensure the online safety and privacy of all staff and students . ■
Geoff Schomburgk is vice president for Australia & New Zealand at Yubico .
25