How Universities need to adapt to the changing demands that are being placed upon them
Many of the academic institutions in the Australia and New Zealand are having to adapt to new demands in how they work, how they teach and the research work they undertake.
They need to ensure that they achieve and maintain compliance in terms of the capture and use of student data; they need to enable their staff to work remotely without compromising in security or ease of access; enable their students to input and access information irrespective of location; and they need to adapt their research methodology to reflect the challenges of working in a virtual environment.
But critically they need to do this in a secure and safe way that protects against security threats and isolates incursions quickly and effectively, but without limiting operational flexibility and innovation.
This Point of View explores the challenges universities are facing and how we believe they can be addressed.
The education sector in Australia and New Zealand has become a prime target of malicious cyberattacks as is evident in the growing number of reported attacks on schools and universities over the last few years. These include the NSW Department of Education systems just before the start of the new school term in 2021, 11 schools in New Zealand affected by the Kaseya ransomware attack, and attacks on both the Australian National University (ANU) and Australian Catholic University (ACU). In addition, in July 2021 the Tertiary Education Quality and Standards Agency (TEQSA) alerted all Australian higher education institutions to an emerging cybersecurity risk targeting the edu.au domain.
The risk is not just that the number of attacks have increased, it is that they have become more sophisticated.
This surge in cyberattacks is not surprising. Many universities and higher-education institutions around the globe have expanded notably within the past two decades in terms of sites, staff, and students, putting more pressure on the IT technologies that support them. Unfortunately, traditional IT solutions such as Virtual Private Networks (VPNs) and traditional firewall-protected networks are struggling to deliver the access and security required – not just in the academic world, but also in the new working practices that are required across all organisations. The expansion of the perimeter creates more risk and threats, increasing the importance of building a cyber resilience model that works.
In addition, while many Australian and New Zealand tertiary institutions already offered digital remote learning, the impact of COVID-19 social distancing mandates required a rapid shift to virtual classrooms for all students at all levels of education. The classroom and lecture theatre were now in the loungeroom. With this expansion of the institution’s perimeter comes greater vulnerability as it provides the attackers more points to target.
Why should education institutions care? Cyber incidents can harm their service delivery and reputation and may involve:
- Theft of information such as intellectual property or sensitive personal data
- Denial of access to critical technology
- Hijacking of systems for profit or malicious intent
- Financial losses
A strong cybersecurity approach comprises technologies, processes and controls designed to protect IT systems and sensitive data from cyberattacks. And rather than focus on simply preventing attacks, it requires a framework that ensures resilience by minimising the extent of a breach if it happens – and it will happen. A cybersecurity framework should cover threat identification, protection, detection, response and recovery of IT systems.