campusreview . com . au
NEWS
Cyber alert
Universities on notice after Deakin data breach .
By Eleanor Campbell
A recent cyber attack at Deakin University which compromised the data of tens of thousands of students has led experts to place the sector on high alert .
Hackers stole the login details of a single Deakin staff member and unlocked the personal details of 46,980 past and current students .
This included individuals ’ names , past academic results , mobile phone numbers and email addresses .
A phishing text was then sent to nearly 10,000 students through a third-party provider asking for credit card details to pay for “ an urgent customs fee ”.
Ryan Ko , a cybersecurity professor from the University of Queensland , said universities have become an increasingly alluring target for hackers .
“ Universities are an attractive place for cyber criminals mainly because they are at the interface of many things ,” Ko told Campus Review .
“ They do exciting research , which could potentially be stolen and used on underground markets to sell the IP to potential customers , or they could also be interfacing with multiple countries and multiple government officials and agencies .”
Cybersecurity incidents within the education sector hit record highs in 2021 , with at least four major Australian universities hit by online attacks .
According to data from the Australian Cyber Security Centre , 6.2 per cent of cyber security incidents during the period of 2021-22 were reported by education and training providers .
Ko said this is likely to increase over time as perpetrators become more sophisticated and harder to identify .
“ We ’ re going to see these opportunistic cybercriminals knowing that the odds are not against them , they ’ re actually for them ,” he said .
“ In fact , we are starting to see a shift from traditional crime into cyber and cyberenabled crime from the statistics we have seen so far .”
A recent audit by the Victorian government found a major cyber weakness among universities was a lack of consistent policies and procedures around third-party service providers .
Coupled with an overreliance on IT systems , led by the shift to remote learning , administrators are now dealing with a minefield of digital risks , Ko said .
Universities are an attractive place for cyber criminals because they are at the interface of many things .
“ In the case of this recent Deakin cyber attack , it involved a third party provider sending an SMS , so it ’ s also unclear whether the third-party provider sending the SMS spam was of a high enough cyber security posture .
“ There has to be a system where we are able to certify , or at least the suppliers to the universities can attest to , or vouch for some level of cybersecurity maturity ,” Ko said .
In a blog post , Deakin University said it had launched an investigation into the breach and had engaged with the Office of the Victorian Information Commissioner . “ Deakin continues to investigate the incident and is working with the third-party provider to ensure security protocols are enhanced to prevent any recurrence of this breach ,” a statement read .
“ Malicious attacks are becoming more commonplace , and more difficult for individuals to detect , however , we must all remain vigilant .”
Campus Review contacted Deakin University for further comment . ■
7