Education institutions ‘ill-prepared’ for cyber ‘beast’: report

A new report has warned that Australian education institutions are ill-prepared for the cyber-security threats of the digital age.

Commissioned by cyber security group Cisco, the report provides clues as to why successful cyber attacks are happening more often and causing more harm. First, it found that Australian education institutions had a low overall confidence in their cyber strategy and approach. It also found that institutions had a “patchy understanding” of the origins of the threats and there were “concerning gaps in organisational preparedness”. For example, “nearly half of all institutions didn’t believe that people in senior roles knew what to do in the event of a cyber breach, or that a communications strategy was in place.” The changing landscape of cyber threats to education was another clue found.

Despite these findings, more than half of the institutions surveyed considered “cyber security as one of the Board/Council’s top three priorities, and cyber security spending is increasing by more than 30% year on year”. Indeed, now that education institutions are realising the “size and nature of the beast”, one institution surveyed plans to increase spending on cyber security by 200% next year.

“In large organisations, such as tertiary institutions, there’s a chance that someone will click on ‘that malicious link’. The challenge is to ensure that an organisation’s underlying infrastructure is designed to block that threat, reduce the time taken to discover the threat, limit the damage of a threat, and identify patterns at a system level so similar threats can be avoided in the future,” Director of Cyber Security, Cisco Australia and New Zealand, Steve Moros said.

Such “underlying infrastructure” helps to:

1. a) block that threat
2. b) If breached, ensure a reduced time is taken to discover the threat
3. c) limit the financial and reputational damage of the threat
4. d) identify patterns at an institute and system level so that similar threats can be avoided in the future.

“Universities and tertiary institutions have a vast attack surface with the increasing number of devices connecting to their networks through their students. We see the majority of respondents planning to invest in Multi-Factor Authentication and Zero Trust technologies, such as DUO, to strengthen their defences against user credential attacks,” Moros said.

Up until five years ago, attackers mainly targeted student, financial and research data held at Australian education institutions, but reports are emerging about cyber experts desiring to attack institutions that promote themselves as cyber security experts. For the malicious cyber expert, “institutional claims of cyber excellence may be perceived as an invitation to attack and sometimes this threat can be within their own student population”.

Get the news delivered straight to your inbox

Receive the top stories in our weekly newsletter Sign up now