Why education institutions must prioritise cyber security
More than 1.5 million university students and staff are at an increased risk of email-based impersonation attacks across Australia. This is because more than four in five (82 per cent) of Australia’s higher education institutions are lagging on basic cybersecurity measures. A complex cybersecurity situation has emerged due to unique characteristics that make higher education campuses tempting to cybercriminals.
Everything that makes university campuses so attractive for students and staff—such as an emphasis on independence, the free flow of ideas, and a diversity of skills and backgrounds—also poses challenges to achieving cybersecurity.
With Wi-Fi typically available campus-wide, a diverse group of administrators, professors, employees, and students are accustomed to connecting to university networks whenever and wherever they want. As a result, these institutions are naturally more susceptible to cybercrime than corporate environments, where IT teams can enforce more stringent security measures.
Universities have extensive attack surfaces, a significant portion of which consists of web-facing assets, such as domains and sub-domains, that link to sensitive internal resources. When an attacker exploits a vulnerability in one of these assets, they can gain access to the internal network and, before anyone knows what has happened, the campus is breached.
The cybersecurity risks associated with an extensive domain network increase when the network contains unmaintained sites, which are sites that remain connected to the internet even though they are no longer needed or in use.
Colleges and universities were early adopters of digital tools and interfaces. But, in many cases, early adoption has led to legacy systems that are particularly vulnerable to modern attacks. Cyberattackers use cutting-edge technologies and methods to exploit university systems that often lack the necessary updates and protection. Unfortunately, university IT systems are also usually decentralised, which gives attackers an easy way in to networks.
Decentralisation is hard to avoid. For example, a university’s astrophysics department will likely have different technological needs than its literature department. So, while it makes operational sense for individual departments to operate under their own IT structures, this piecemeal setup creates clear information security vulnerabilities. Across dozens of departments, there is a high likelihood that at least one will have a combination of outdated devices, unpatched operating systems, inadequate email filtering, faulty data backup, or insufficient user training and policies.
Upping the game: security solutions that suit universities
While higher education faces many cyberthreats, a combination of improvements in talent, technology, and culture can go a long way towards keeping online users safe and university data secure.
1. Talent
Skilled cybersecurity professionals are essential for developing, managing, and responding to security threats. Cybersecurity is often outsourced, but it’s important to have on-site experts who can respond quickly and effectively to a suspected breach. The physical and technological sprawl of higher education campuses needs internal IT employees who understand how the campus, its staff, and its students operate. Investing in cybersecurity education and training for both IT staff and students can also build knowledgeable users who can spot phishing attempts, avoid social engineering, and ultimately protect the institution’s digital assets against cybercriminals.
2. Technology
Universities must implement robust security measures, such as advanced firewalls, intrusion detection systems, and encryption protocols. Regularly updating and patching systems, alongside continuous monitoring, ensures vulnerabilities are addressed promptly.
3. Culture
Cultivating a security-conscious culture within universities is crucial. This includes promoting an environment where staff and students prioritise cybersecurity through regular training and awareness programs. Encouraging a proactive stance on security and making it an integral part of daily operations can reduce the risk of breaches significantly.
How Experis can help
The IT world moves fast. Experis helps educational institutions remain agile by sourcing and attracting top IT talent. As specialised IT recruiters, Experis goes beyond what other employment agencies do when it comes to IT. Whether it’s contract or permanent positions, one-off or large-scale projects, our dedicated teams can connect you to the specific IT vertical to meet your needs.
To read more about how technology trends are impacting Australia’s tertiary education sector, download ManpowerGroup’s Shaping the Future Workforce: Trends Transforming the Australian Tertiary Education Sector report which explores how four major trends, including technology, are impacting talent dynamics within Australian tertiary education institutions.