Securing Australia’s Education Institutions

Securing Australia’s Education Institutions

The state of cyber readiness in the Australian education sector

By Steve Moros, Director of Cybersecurity, Cisco Australia and New Zealand

Universities and TAFE institutions have a target on their back when it comes to cyber security. While it could be argued that they have always been in the sights of cyber attackers, the stakes have been raised with the role that Institutions now play as training providers and developers of cyber talent for the digital economy.

Five years ago attackers were primarily attracted to the student, financial and research data held by education institutions. But more recently we are observing heightened and different motivations for attackers – the desire to infiltrate an institution which is promoting itself as a cyber security expert.

Universities and TAFE institutions in Australia recognise that the market for cyber security professionals is not being met by current supply, creating an opportunity to provide training to the next wave of cyber graduates. Institutions are investing heavily in the effort to build their cyber credentials and course offerings to attract students. This requires investments in course design, curriculum, and marketing and a commitment to ensuring that universities and TAFEs are positioned as experts in cyber security. To a malicious cyber hacker institutional claims of cyber excellence may be perceived as an invitation to attack and sometimes this threat can be within their own student population.

Most concerning is the fact that in many cases the hackers are winning. Cisco commissioned an independent research report into the cyber readiness of universities, TAFEs and education systems. The study involved desk research, targeted interviews and a survey of the sector (with more than 50% of Australian universities / TAFEs responding). In the four weeks that the survey was in the field, two major breaches in Australian universities were announced: one at the Australian Catholic University and another at the Australian National University.

The findings from the survey provide clues as to why the cyber attackers are succeeding more often than they should. The study revealed:

– Low overall confidence levels in their cyber strategy and approach

– Patchy understanding of where threats were coming from

– The changing threat landscape in cyber security generally, and education specifically

– Concerning gaps in organisational preparedness. As an example, nearly half of all institutions didn’t believe that people in senior roles knew what to do in the event of a cyber breach, or that a communications strategy was in place.

What is clear is that many institutions are now coming to realise the size and nature of the threat. More than half of all institutions surveyed considered cyber security as one of the Board / Council’s top three priorities, and cyber security spending is increasing by more than 30% year on year. Many are wondering whether this is sufficient, with one institution planning to increase spending by 200% on cyber security next year.

The cyber security report concludes with one particularly key observation: someone in an organisation of this size will always click on `that link’. The challenge today is to ensure that when the link is clicked the organisation’s underlying infrastructure and systems are designed to:

a) block that threat

b) If breached, ensure a reduced time is taken to discover the threat

c) limit the financial and reputational damage of the threat

d) identify patterns at an institute and system level so that similar threats can be avoided in the future.

All of this requires an integrated security architecture that leverages threat intelligence to improve efficiency and cyber resilience.

The cyber security report is not easy reading for a university or TAFE executive but Cisco is convinced that it will help those same executives ask more informed questions around cyber, increase awareness of their attack surface and overall preparedness.

You can read the report here

http://www.vector-consulting.com.au/media/1080/securing-australias-education-institutions.pdf

Find out more

https://www.cisco.com/c/en_au/solutions/security/cybersecurity-insights.html