Schools, not always the most pristine of places are they? Be that as it may, at least education is good about its cyber hygiene.
Cyber-attacks on Australia’s education sector have dropped to 18% (down by 32% from 2017), which saw the sector leave the top spot as the most targeted. That’s good news and has much to do with the sector’s focus on securing its networks against bugs.
“It’s almost counter intuitive with reports saying the number of vulnerabilities and the number of attacks are growing. That’s certainly the case, but the education environment is getting better at dealing with the problem, becoming more resilient.
“That’s because they have been attacked and have been the subject of a lot of issues, it’s very positive that they are taking notes and being reactive,” says John Karabin, Dimension Data’s Australian Director of Cybersecurity. Dimension Data provides network and data consulting and other IT services.
Schools used to be a soft target, offering plenty of opportunity for their IT to be compromised.
“Schools can be a very complicated environment, the education environment necessarily wants to make the network easier to use, we see that people want to bring in their own devices and that makes it a bit more complicated from a security perspective.
“Schools obviously have a duty of care to protect the students and teachers but schools are using this to teach students that good cyber hygiene is very critical, students don’t think about it much, they don't care what information they put out there.
“Teaching students from an early age that cyber hygiene is just as important as personal hygiene is important. Cyber hygiene engenders doing all the basics; password management, using anti-virus, updating patches and really thinking about the systems and software that they’re using,” he says.
Karabin always starts with some groundwork when he’s consulting with a school, beginning with a good hard look at the IT environment.
“Many institutions don’t know what they’ve got, so we do a baseline maturity assessment and ask ‘where do you sit today?’ Let’s just understand everything. We use that process as an opportunity to identify what we call the crown jewels.”
The crown jewels are sensitive information about students, the way that the core systems work or the way online exams work, everything that is critical from an education perspective.
“One of the things you have to think about is reputation, if you read tomorrow about a school being breached and all the data being sold on the dark web, its reputation really takes a hit.
“We start matching their risk profile with what they need to do, it’s never a black and white thing, i.e. if you do this, you will be protected for a year. It’s always iterative and evolutionary, and you constantly need to think about who is in the environment.”
A lot of schools are now using third parties to work on their IT infrastructure. That can be a good thing if those third parties have thorough security practices, but sometimes they can introduce vulnerabilities.
Karabin typically creates a roadmap clarifying where a client wants to be in 12 months’ time, framing those findings against budgets and identifying how much of a given technology budget is earmarked for cyber security and adding new services.
“Security is about understanding who is connected into you, what you want to deliver to your students, what the crown jewels are, where your baseline is and where you need to go.”
He says it’s a good indication if a school has a dedicated IT security person in place who can understand budgets and can translate that into what they think security should look like.
In Australia, 38% of attacks are sourced from within the region. The United States was the second-largest attack source, accounting for 24% of attacks.
Globally, cryptojacking represents a significant amount of hostile activity, at times accounting for more detections than all other malware combined, hitting the technology and education sectors hardest.
Credential theft is also up around the world as attackers target cloud credentials, with tech companies, telcos, and business and professional services being significantly impacted.
The most common attack types are brute-force (26%) and service-specific attacks (25%), which together are responsible for more than half of activity detected. A third (30%) of all attacks targeted applications, comprising application-specific (17%) and web-application (13%) attacks.
See the Dimension Data, Executive Guide to NTT Security’s 2019 Global Threat Intelligence Report.