
Time for Universities to Teach Cybercriminals a Lesson


Six keys to security peace of mind for students, faculty and staff

The higher education sector has learned the hard way about cybersecurity, thanks to cybercriminal intrusions that cost billions and disrupted university services and operations. The security techniques and technology that other sectors have deployed can be quickly adapted for university systems. And none too soon: the government is preparing to enforce an “enhanced framework to uplift security and resilience” upon universities, and students, faculty, researchers, and IT professionals are increasingly sensitive to a university’s cybersecurity performance and are making their choices accordingly, which makes cybersecurity a firm competitive advantage.

The good news is that the pandemic accelerated the transition to digital education and highlighted the critical importance of a university’s IT systems. But it also exposed their unique vulnerabilities. Cybersecurity is now an urgent priority and a competitive advantage for higher education. The path is clear for university leaders and their cyber experts to earn the security credentials that their constituents need and expect.

This Point of View explores the key steps universities should take to ensure they are safe from any cyberattacks.

Unsurprisingly, the COVID-19 pandemic exposed the higher education sector’s susceptibility to cybersecurity attacks. While the rush to virtual learning allowed a massive increase in attacks, the truth is that cybercriminals have long been aware that higher education is a target-rich, insufficiently defended environment. Recently the UK’s National Cyber Security Centre (NCSC) issued a fresh, urgent security alert as universities were assailed with waves of cybersecurity breaches. In the second half of 2020, the Asia Pacific education sector experienced a 21% increase in cyberattacks, compared with just an average 3.5% increase across all other sectors, according to IT Brief Australia.

A Sizeable and Urgent Challenge

The Australian Centre of Cyber Security (ACCS) reports that Education and Training in the 2020-2021 financial year ranked number five in terms of number of security incidents and number four in terms of ransomware-related incidents.

Analysis of the QS World University Rankings 2020 by Proofpoint found that “almost half of Australia’s top 20 institutions in the QS World University Rankings 2020 appear to have had no protection in place against hackers trying to trick people to take over their computer systems,” while only two universities were proactively blocking fraudulent emails. The costs of such fraudulent emails are staggering: $81 billion AUD in the 2020-2021 financial year, according to the ACSC Annual Cyber Threat Report. Even if no data is lost, system downtime when responding to a suspected breach can vastly disrupt a university’s ability to deliver its services, as was shown when RMIT cancelled online and in-person classes following an IT outage caused by a phishing scam.

In one example cited by the ASCS, the network of a leading university in Australia was penetrated by a ransomware attack that caused the administration to suspend its network until it could reopen uncompromised. The report notes that by penetrating education IT environments, criminals can then find pathways to other organisations, such as research organisations and governments, to access their information and make additional ransom demands.