We live in a time of increasing cyber-attacks and security breaches. As universities hold a wealth of data, including personal information, technical resources, sensitive research data and intellectual property, they are prime targets for cyber-attacks.
The .edu.au domain saw more malware detections than any other education domain in the world, and the online models universities have adopted during the COVID-19 pandemic only increases their digital footprint.
When the Australian National University (ANU) was hit by a cyber-attack in late 2018, a substantial amount of data was stolen, dating back 19 years relating to staff, students and visitors. Critical data including names, addresses, dates of birth, phone numbers, personal email addresses and emergency contact details, tax file numbers, payroll information, bank account details, passport details and student academic records were accessed.
While the university’s investment in cybersecurity tools is commendable – and reflects overall healthy growth in information-security investment in Australia – the ongoing incidence of breaches highlights that many universities are still taking an incomplete approach to defending themselves.
Since universities are trusted with troves of personal data, addressing these concerns should be a top priority. Universities that can’t improve in this capacity are at risk of significant financial or reputation loss.
Reputational damage is a significant consequence to prepare for. According to a global study by Gemalto, up to 70 per cent of consumers would be more likely to abandon a brand after it experiences a data breach. This can be for various reasons, from feeling like their data is unsafe, to the organisation’s public response to the breach.
As the number of cyber-attack instances continues to grow, even tech companies are vulnerable. The increased adoption of video conferencing in 2020 led to 500,000 compromised Zoom accounts being sold on the Dark Web and other hacker forums. The data was stolen through a credential stuffing attack, where the hacker attempts to access an account using accounts and information that have been previously compromised in other data breaches.
Despite the increasing frequency of cyber-attacks and the fall-out they induce, certain myths persistently prevail - that an on-premise environment is somehow more secure than the cloud and that all cloud-hosted offerings are equal.
In truth, most organisations are ill-equipped to deal with increasingly sophisticated cyber-attacks in-house and using a third-party Managed Service Provider (MSP) is no guarantee either. Security considerations are a current concern for many organisations, as support for Windows Server 2008 was officially withdrawn early 2020. Users will now pay for security updates under an annual fee structure which applies to a point no later than 2023. If you’re now considering a major server upgrade – either on-premise or via a third-party MSP – then it’s time to investigate alternatives.
When G&C Mutual Bank decided the time was right for an upgrade, several options were investigated. G&C Chief Information Officer, David Chapman said security was a chief concern.
“An assessment of our previous MSP environment resulted in a lot of red flags. In a world of hackers and cyber security, we needed to make a change and moving to Software as a Service (SaaS) has erased all of these issues for us,” he said.
The benefits of SaaS go beyond superior security. Committing to an on-premise or MSP cloud-hosted delivery model means it is difficult to stay on the latest version of the software – or undertaking a complex, costly and error-prone process to upgrade. As Boards are increasingly being asked to sign off IT security and privacy risk assessments, shifting to a highly accredited SaaS platform will significantly and demonstrably reduce the IT security and privacy risk profile.
SaaS delivers operational efficiencies, including automatic upgrades, patch management and compliance obligations. That means less time in-house spent on operational IT support, freeing up resources to be redeployed into other parts of the business.
For Chapman, the benefits are ongoing.
“The implementation has introduced business process automation that wasn’t possible before. The benefits we’ve experienced have come a lot faster than we initially thought and are far more effective than we believed they would be. It’s been a win-win all around,” he said.
To learn more about TechnologyOne’s commitment to security, visit
Email [email protected]