Read The Times Australia

Daily Bulletin

How Australian universities can get better at cyber security

  • Written by: Greg Austin, Professor, Australian Centre for Cyber Security, UNSW
How Australian universities can get better at cyber security

The cyber security practices of Australian universities are in the spotlight after the Australian National University (ANU) reported last week it had been the target of a serious attack. Hackers – reportedly based in China – infiltrated ANU’s networks some time last year and have proven difficult to remove.

According to the Australian Cyber Security Centre’s 2017 Threat Report:

Targeting of the networks of Australian universities continues to increase. Universities are an attractive target given their research across a range of fields and the intellectual property this research is likely to generate.

Anecdotal information suggests university performance in cyber security is quite weak. The problem is not widely studied by scholars. But there are things they can do to improve.

It’s important that they do because university networks hold important intellectual property data; sensitive political, business, and social data from background interviews and surveys; and valuable personal information about students who go on to become political, business and national security leaders.

Read more: Is counter-attack justified against a state-sponsored cyber attack? It's a legal grey area

This is a global problem

Cyber attacks targeting universities aren’t limited to Australia.

Chinese universities were among the major victims of a global ransomware attack involving the Wannacry malware in 2017. The attack, which locked up user files and demanded a ransom, came just on the eve of submission of final theses for the academic year in Chinese universities. Social media reporting suggests the disruption was serious.

Indeed, universities figure rather prominently as victims of cyber attacks in China. In 2016, according to a Chinese study, the country’s universities accounted for the highest proportion (40%) of targets of the most serious form of threat.

Known as Advanced Persistent Threat (APT), this form of attack is usually associated with government intelligence or military agencies. My own work suggests that in general the institutions targeted had bad security practices – either by not installing software updates on the day of issue or by using pirated software.

Better reporting is required

So how good are Australian universities at cyber security?

There is scant public evidence assessing the cyber security practices of Australian universities so it’s hard to say. According to a senior official of a small regional university who I spoke to last month, his institution simply has not been equipped, staffed or funded in the past to engage with the challenge.

What about the country’s top universities?

To answer this, some consistent and public reporting on security incidents would be required. If we had information on the size of security staffs, the type of outsourced security arrangements, and the total annual budget for cyber security in our universities we could make a reasonable judgement. These types of data are difficult to find, but we can make judgements in other ways.

First and most simply, do universities utilise two-factor authentication? Do they prohibit staff and visitors from bringing their own devices and USBs? Most Australian universities probably fail these two basic tests.

Read more: How suppliers of everyday devices make you vulnerable to cyber attack – and what to do about it

Second, since most Australian universities don’t insist on mandatory training in simple security measures, such as how to avoid “phishing” emails that carry malware, we can assume serious vulnerabilities exist.

In 2018, the University of New England released a comprehensive three-year information security plan. It is an impressive assessment of the threats, risks and challenges for the university – and it updated a previous plan for 2015-17. The scale of the challenge is well captured by one sentence in its executive summary:

…yesterday’s security defenses are not effective against today’s rapidly evolving threats.

Not all Australian universities have such an easily accessible and comprehensive plan.

What is to be done?

Mature organisations in the corporate world do not leave cyber security management in the hands of the information technology managers. Rather they place responsibility in the department of risk management, directly under the CEO or Board of Directors. One reason is that cyber security is a socio-technical problem, not just a technology problem.

There is an additional option uniquely available to universities: to ensure that those who manage security of networks and data work closely with those who research and study the same problem.

This happens in Oxford University, where the academic staff in the field are seen as part of the solution. Oxford convenes a monthly meeting of its Information Security Special Interest Group (SIG) and its members help manage the university’s annual baseline cyber security assessment.

Read more: Deterring cyber attacks: old problems, new solutions

Oxford also has its own Computer Emergency Response Team (CERT), a type of organisation used globally, though often only at the national level, to manage certain aspects of cyber security. The CERT is developing the university’s own security analytics platform (SAVANT).

In December, the Canadian universities and colleges association issued a workshop report on what their member institutions needed to do to address this problem. It advocated, among many other steps, a national university-based cyber security network.

Participation in a shared Australian network of this kind will be the only solution available to Australia’s smaller universities with low security capability, but also an essential component of the cyber security work for our largest.

Authors: Greg Austin, Professor, Australian Centre for Cyber Security, UNSW

Read more http://theconversation.com/how-australian-universities-can-get-better-at-cyber-security-99587

Business News

How to Rent a Car for Uber in Melbourne: What Every New Driver Needs to Know

Starting out as an Uber driver in Melbourne is not as complicated as it sounds but getting the vehicle right is where most new drivers get stuck. Uber has strict requirements around vehicle age, condi...

Daily Bulletin - avatar Daily Bulletin

When Should You Speak to a Lawyer About a Legal Issue?

Legal issues can begin with a simple question, then become harder to manage once formal steps are involved. Many people wait until a matter feels urgent before seeking guidance, even though earlier ...

Daily Bulletin - avatar Daily Bulletin

The strategic rise of Bali as Australia’s next essential healthcare support hub

As Australian healthcare providers grapple with unprecedented operational bottlenecks, a new nearshore model is quietly transforming patient care delivery. Forward-thinking organisations,  including...

Daily Bulletin - avatar Daily Bulletin

Cost Savings and Benefits of Using Used Pallets in Logistics

In today’s competitive logistics and supply chain industry, businesses are constantly looking for ways to reduce operational costs without compromising efficiency and reliability. One of the most prac...

Daily Bulletin - avatar Daily Bulletin

How Fulfilment Services in Australia Help Businesses Scale Efficiently

The growth of e-commerce and modern retail has transformed customer expectations. Consumers now expect fast shipping, accurate order processing, and seamless delivery experiences regardless of where...

Daily Bulletin - avatar Daily Bulletin

Practical Ways Australian Workplaces Can Reduce Operating Costs

Reducing business costs doesn’t always mean cutting staff, shrinking services or making the workplace feel bare-bones. In many cases, the smarter savings are hiding in everyday operations: the light...

Daily Bulletin - avatar Daily Bulletin

Executive Recruitment Solutions That Help Organisations Secure Exceptional Leaders

Leadership has a direct impact on organisational performance, employee engagement, strategic growth, and long-term success. Businesses operating in increasingly competitive environments require experi...

Daily Bulletin - avatar Daily Bulletin

Why A WooCommerce Website Designer Matters For Online Growth

Running an online store today requires more than simply listing products and waiting for customers to arrive. Businesses need a website that is fast, reliable, easy to navigate, and designed to suppor...

Daily Bulletin - avatar Daily Bulletin

Turning Your Empty Tables into Revenue

The rise of AI demand tools in hospitality, the EatClub–CommBank partnership, and seven trends reshaping Australian dining  A growing number of Australian venues are turning to AI-powered demand mana...

Daily Bulletin - avatar Daily Bulletin

The Daily Magazine

DIY Rodent Control Vs Professional Help: When Is It Time To Call The Experts?

Rodents are one of the most frustrating pest problems for Australian property owners. Rats and mic...

Lighting Shop in Perth: How The Right Lighting Can Transform Your Home And Business

The right lighting can completely change the look, feel, and functionality of any space. Whether it ...

Traffic Light System Solutions For Safer And More Efficient Traffic Management

Modern cities and growing communities rely heavily on effective traffic management to ensure safety...

Gold Migration Lawyers in Liquidation: How the Closure Affects Your ART Appeal

If your appeal was with Gold Migration Lawyers, a recent change to how the Tribunal decides cases ...

The pressure cooker: life in urban Australia in 2026

Australian cities have always been demanding. Long commutes, rising housing costs, busy schedules a...

What Actually Makes a Good Criminal Lawyer in Melbourne

Most people only think about this question once. That is usually too late. Most people charged wi...

Why Working With A Chatswood Tutor Can Improve Academic Performance

Academic expectations continue increasing for students across primary school, high school, and senio...

Is It Worth Getting Solar Panels in Melbourne?

The real question is not whether solar works in Melbourne. It works. The question is what it is co...

How A Diploma Of Project Management Builds Practical Skills For Modern Work Environments

Developing the ability to plan, execute, and deliver outcomes efficiently is a key requirement in to...