By Joanne Wong
Education is the bedrock of modern society. The life we live today in the developed world would not be possible without quantum advances in science, medicine and technology; many of them emanating from the rich environment of enquiry and innovation that has long existed within colleges and universities around the world.
Successful and celebrated inventions which have emerged from local institutions include the cochlear implant, developed by Melbourne University’s Professor Graeme Clark, which has brought the gift of hearing to more than 180,000 people globally, and the cervical cancer vaccine Gardasil, developed by the University of Queensland’s Professor Ian Frazer.
Learning has also become one of the key pillars of the Australian economy. Tertiary and vocational education is no cottage industry – it is Australia’s largest service export and some 500,000 international students now choose to pursue their studies Down Under each year.
Education is also a serious jobs generator for cities and communities. Around 100,000 Australians work in universities and the regions where they are situated enjoy significant economic benefits as a result.
Central to the concept of the higher education system is a focus on research and learning to advance the sum of human knowledge, rather than for mere commercial gain. This is not possible without the free exchange of ideas and knowledge; something which has become immeasurably easier in the digital era.
At the same time, institutions have a duty to protect valuable and sensitive research data from thieves and cyber-criminals seeking to exploit it for commercial advantage or illicit gain.
On the administrative front, Australian universities have a treasure trove of sensitive data in their keeping, in the form of the personal records of tens of thousands of students and staff members. It’s incumbent upon them to store this information safely and securely, according to the privacy regulations overseen by the Office of the Australian Information Commissioner.
Universities under attack
Elsewhere in the world, universities and colleges have been in the sights of hackers of late. One recent study found there were 850 attacks on UK institutions between 2017 and 2018. Many of these attempted incursions were thought to be ‘inside jobs’; the work of staff and students rather than external hackers or organised crime gangs.
Protecting institutional networks and information repositories has been made more difficult by the rise of mobile computing. The days of students accessing university systems via onsite computer rooms, or dealing with academic staff and administrators by email, are receding fast. Across the country, institutions are embracing apps-driven infrastructure which allows students to collaborate, communicate and access learning resources any time and from anywhere.
It’s a learning delivery model which is flexible, cost effective and significantly harder to safeguard than a traditional set-up with a perimeter that’s simple to define, secure and police.
The security challenge is often compounded by a dearth of resources. Unlike many commercial organisations of similar size and scope, Australian universities typically employ small cyber-security teams and augment their efforts with ad hoc assistance from external consultants.
Safeguarding networks and systems
Continual visibility across the network is the key to detecting and neutralising threats. In its absence, breaches can go undetected for long periods; making their impact difficult or impossible to ascertain retrospectively.
Software which provides a single view of the network and allows incidents to be flagged for further investigation can ensure attempted incursions do not go unchallenged.
Institutions can enjoy direct savings in time and remediation costs through technology which pre-empt attacks and heads them off at the pass. Machine learning is making it possible for systems to develop an ‘understanding’ of context which can enable them to formulate a ‘white list’ of normal behaviour, specific to the organisation in question. Meanwhile, automation technology can be deployed to shut down systems and lock accounts automatically, in the event of an anomaly.
Protecting what matters
Safeguarding intellectual property and the personal data of students is no small matter for Australia’s universities and vocational education providers. Material and reputational damage are the almost inevitable results of any significant, successful cyber-security attack and, in a competitive global market, that’s something institutions can ill afford. Those that fail to implement cyber-security technology and processes to mitigate the risk may find themselves marked down by students, staff and the broader education community, should the worst occur.
Joanne Wong is the senior regional marketing director Asia Pacific & Japan at LogRhythm, an American security intelligence company.