by Paul Haskell-Dowland
Cybercrime is escalating worldwide, and with a massive demand for cyber security professionals, universities need to respond by offering more graduate and undergraduate programs to equip the workforce with the experts it needs to protect against hackers and other cyber threats.
The growth of “big data” and new laws in Australia and elsewhere are forcing organisations to better comply with privacy laws and protect their digital assets. Under the Notifiable Data Breaches (NDB) scheme introduced in February 2018, breaches covered by the scheme must be reported to the Office of the Australian Information Commissioner (OAIC).
These are no small matters. Just this month, the Australian National University (ANU) revealed it was the victim of a significant data breach in late 2018, when a sophisticated operator accessed its systems illegally. The hacker accessed significant amounts of personal staff, student and visitor data extending back 19 years. ANU is working closely with Australian government security agencies to investigate the breach, which was only discovered in May 2019.
A recent OAIC report shows that almost 1000 data breaches were notified to the commissioner between 1 April 2018 and 31 March 2019. More than a third of all breaches notified were due directly to human error, while 60% were traced back to malicious or criminal attacks.
The gap in the global market for cyber security professionals is estimated at close to 3 million. The Asia Pacific region is facing the largest talent shortfall, with unmet demand for 2.15 million experts. The need is driven partly by the rise in crime and partly by the new cyber security and data privacy laws that are being enacted throughout the region.
The Cisco 2018 Asia Pacific Security Capabilities Benchmark Study found Asia Pacific companies are subjected to six cyber threats every minute. Moreover, 64% of the organisations that suffered a breach said it cost them more than US$500,000 ($722,850) while almost one in 10 companies reported that an attack cost more than US$10m.
The predominance of human factors in data breaches highlights the importance of education and training for all employees who handle personal information.
“Best practice approaches in organisations to protect against data breaches involve a dedicated training program comprising face-to-face training and e-learning, supported by tools and ongoing communication on how employees can stay safe from evolving threats,” the OAIC said in its recent report.
This underscores the importance of tertiary education in producing more cyber security professionals with the skills to protect organisations against sophisticated cyber-attacks.
Undergraduate and postgraduate programs can equip professionals with the tools and techniques needed to predict, identify and mitigate cyber risk, protecting organisations, people, their data and rights.
Paul Haskell-Dowland is an Associate Professor and Associate Dean (Computing and Security) at Edith Cowan University’s (ECU) School of Science.