Date: 2024-12-10

Jana Dekanovska, Counter Adversary Operations Practice Lead at global endpoint security, threat intelligence and cyber attack response solutions provider CrowdStrike, provides an overview of the cybersecurity landscape in Higher Education, and offers valuable advice for educational institutions to mitigate their risk exposures. Jana also provides pragmatic career advice for excelling in the cyber field.

Ms Dekanovska oversees the Threat Intelligence and Threat Hunting operations across Australia and New Zealand for CrowdStrike. She has extensive intelligence analytics experience from her former roles at CyberCX, Merck and Amazon in the Czech Republic, along with her service in NATO commands across Italy, Belgium, and the Netherlands.

Why Higher Education is a prime target for cyber adversaries

The education sector is a prime target for financially motivated access brokers and is the top sector advertised on the dark web, accounting for over 340 incidents this year alone. This trend is not new but has been consistent over the past few years, particularly since the onset of the COVID-19 pandemic and the immutable shift to remote learning.

Top Countries and Sectors Advertised by Access Brokers: Q3 2024. Similar to Q1 and Q2, access brokers focused on access to academic entities. Australia was among the top targeted countries.

Educational institutions are particularly susceptible to cyber attacks due to several factors:

Universities hold valuable data, including personally identifiable information (PII), lucrative research data, intellectual property (IP), and financial information. This data is highly sought after on the dark web, attracting a wide range of buyers, from sanctioned nations like Iran seeking Western intelligence to criminals looking to sell data easily.



Higher education networks are inherently more open and collaborative than corporate networks, facilitating research and communication among educators. This openness, combined with the use of Bring Your Own Device (BYOD) policies and the complexity of managing large numbers of transient students and staff, makes these institutions vulnerable. The high turnover rate and the need to constantly update access policies and protocols further complicate security efforts.



Higher Education is also a lucrative target due to the inherent supply chain interconnectivity with government institutions and NGOs.

Adversary Trends and Threat Vectors Affecting Australia

CrowdStrike has observed notable adversary trends targeting higher education, particularly in Australia. The top threat vectors include identity-based attacks, where adversaries use valid credentials to gain access rather than breaking in through traditional means. This method has been observed in 75 per cent of attacks within the academic sector, compared to much lower rates in other industries.

“The detection of attempted breaches via valid accounts was observed 500,000 times. The second most common technique was network service discovery, which was observed 150,000 times.”

Nation-state actors, including those from Russia, Iran, and North Korea, have increasingly targeted Australian institutions. These actors engage in cyber activities to generate revenue, steal intellectual property, and conduct economic espionage. For instance, North Korea has been involved in stealing IP related to agriculture and chemical products to generate crypto-based revenue.

Challenges Faced by Universities

From her conversations with Australian universities, Ms Dekanovska highlighted several prevailing concerns. These include the difficulty in detecting threats promptly, the complexity of managing large and diverse networks, and the challenge of maintaining robust security measures within budget constraints. The mean time to detection of threats in higher education is often longer than in other industries due to these complexities.

Collaborative Efforts and Solutions

CrowdStrike has been proactively working with industry partners and government bodies to coordinate efforts against cyber adversaries. One notable collaboration is with cyber consultancy and Managed Security Services provider Sekuro. Sekuro earlier this year launched their adaptive security platform powered by CrowdStrike’s Falcon LogScale and Next Generation SIEM solutions.

Incorporating AI-based threat intelligence, the turnkey system has delivered immediate, measurable outcomes such as reduced mean time to acknowledge, notify and respond to threats by up to 95 percent, whilst increasing threat detection coverage by 10X for joint clients including Charles Sturt University, Queensland University of Technology and the University of Wollongong. This partnership exemplifies how institutions can enhance their cybersecurity posture through industry collaboration and the use of advanced technologies.

Uplifting Threat Detection and Response

To uplift their threat detection and response capabilities, Ms Dekanovska advises higher educational institutions to focus on consolidation. With numerous platforms and solutions available, it is crucial to trust a unified platform that provides a comprehensive view of the security landscape. This approach not only simplifies management but also enhances the effectiveness of security measures.

“There are so many platforms and solutions that educational institutions need to procure and manage. Consolidating with a trusted security partner is not only really cost effective, but also streamlines threat intelligence and operations through a single pane of glass,” she says.

Top Three Ways to Mitigate Cyber Attacks

Ms Dekanovska's top three pieces of advice for higher education institutions are:

Dark Web Monitoring: Proactively monitor the dark web to understand what information has been leaked. This is vital for universities to stay ahead of potential threats. CrowdStrike's Falcon Recon, an add-on managed service, provides analytics and recommendations to help institutions identify and respond to true positives.

Identity Hygiene: Maintain rigorous identity hygiene practices. This includes understanding and managing risks associated with Active Directory (AD) and ensuring that identity data is secure. Regular audits and updates to access policies are essential.

Threat Hunting: Invest in in-house or outsourced threat hunting capabilities. By analysing identity data from domain to endpoint, institutions can uncover new angles of attack and respond more effectively to emerging threats.

By understanding the unique vulnerabilities of the Higher Education sector and adopting proactive measures, universities can better protect their valuable data and maintain a secure environment for research and education.

Promoting Inclusivity in Cybersecurity

Ms Dekanovska also stresses the importance of female representation and diversity in strengthening the cybersecurity workforce. Drawing from her background in the Czech Republic, she emphasised that cultural factors play a significant role in shaping career paths. In her experience, the post-Communist culture encouraged women to work, which contrasts with the more affluent Western cultures where women often stayed at home.

“My mother was an engineer. During Communism, it was compulsory for everyone to work. As such, for the last 50-60 years in Central Europe, there was no such thing as women staying at home – when I was growing up, I never felt that a particular professional field was male dominated.”

To make cybersecurity courses more inclusive, Ms Dekanovska suggests seeding and fostering interest in the field earlier than tertiary education – even from primary school levels. She advises women to seize opportunities as they arise and not to be fixated on a specific career path. Her own journey, from aspiring diplomat to a key figure in cybersecurity, underscores the importance of being open to various roles and gaining experience in different areas.

Career Advice for Women in Cybersecurity

For women looking to establish or further their careers in cybersecurity, Ms Dekanovska's advice is straightforward: don't focus too narrowly on what you want to do. Instead, accept opportunities that come your way and use them as stepping stones. Whether starting as a SOC analyst or in another entry-level role, gaining experience and building a network are crucial steps to advancing in the field.

Find out how to improve your threat detection and response capabilities with CrowdStrike and their leading APAC implementation partner, Sekuro: https://sekuro.io/protect-more-with-less/.