Schools, not always the most pristine of places are they? Be that as it may, at least education is good about its cyber hygiene.
Cyber-attacks on Australia’s education sector have dropped to 18% (down by 32% from 2017), which saw the sector leave the top spot as the most targeted. That’s good news and has much to do with the sector’s focus on securing its networks against bugs.
“It’s almost counterintuitive with reports saying the number of vulnerabilities and the number of attacks are growing. That’s certainly the case, but the education environment is getting better at dealing with the problem, becoming more resilient.
“That’s because they have been attacked and have been the subject of a lot of issues, it’s very positive that they are taking notes and being reactive,” says John Karabin, Dimension Data’s Australian Director of Cybersecurity. Dimension Data provides network and data consulting and other IT services.
Schools used to be a soft target, offering plenty of opportunity for their IT to be compromised.
“Schools can be a very complicated environment, the education environment necessarily wants to make the network easier to use, we see that people want to bring in their own devices and that makes it a bit more complicated from a security perspective.
“Schools obviously have a duty of care to protect the students and teachers but schools are using this to teach students that good cyber hygiene is very critical, students don’t think about it much, they don't care what information they put out there.
“Teaching students from an early age that cyber hygiene is just as important as personal hygiene is important. Cyber hygiene engenders doing all the basics; password management, using anti-virus, updating patches and really thinking about the systems and software that they’re using,” he says.
Karabin always starts with some groundwork when he’s consulting with a school, beginning with a good hard look at the IT environment.
“Many institutions don’t know what they’ve got, so we do a baseline maturity assessment and ask ‘where do you sit today?’ Let’s just understand everything. We use that process as an opportunity to identify what we call the crown jewels.”
The crown jewels are sensitive information about students, the way that the core systems work or the way online exams work, everything that is critical from an education perspective.
“One of the things you have to think about is reputation, if you read tomorrow about a school being breached and all the data being sold on the dark web, its reputation really takes a hit.
“We start matching their risk profile with what they need to do, it’s never a black and white thing, i.e. if you do this, you will be protected for a year. It’s always iterative and evolutionary, and you constantly need to think about who is in the environment.”
A lot of schools are now using third parties to work on their IT infrastructure. It can be a good thing if they have thorough security practices, but sometimes they can introduce vulnerabilities.
Karabin typically creates a roadmap clarifying where a client wants to be in 12 months’ time, framing those findings against budgets and identifying how much of a given technology budget is earmarked for cyber security and adding new services.
“Security is about understanding who is connected into you, what you want to deliver to your students, what the crown jewels are, where your baseline is and where you need to go.”
He says it’s a good indication if a school has a dedicated IT security person in place who can understand budgets and can translate that into what they think security should look like.
In Australia, 38% of attacks are sourced from within the region. The United States was the second-largest attack source, accounting for 24% of attacks.
Globally, cryptojacking represents a significant amount of hostile activity, at times accounting for more detections than all other malware combined, hitting the technology and education sectors hardest.
Credential theft is also up around the world as attackers target cloud credentials, with tech companies, telcos, and business and professional services being significantly impacted.
The most common attack types are brute-force (26%) and service-specific attacks (25%), which are responsible for more than half of activity detected. A third (30%) of all attacks targeted applications, comprising application-specific (17%) and web-application (13%) attacks.
See the Dimension Data Executive Guide to NTT Security’s 2019 Global Threat Intelligence Report.