Why cyberthreats are a growing challenge for Australian educational institutions

With vast reserves of sensitive data – student records, staff details, and proprietary research – educational institutions are prime targets. The challenge is compounded by limited cybersecurity budgets and outdated defences, leaving them vulnerable to increasingly sophisticated attacks.

A surge in cybersecurity breaches

During the past couple of years, cyberattacks on education and research institutions have surged globally, with Australia witnessing its share of incidents. According to the Office of the Australian Information Commissioner (OAIC), 44 notifiable data breaches occurred within domestic educational organisations during the first half of 2024[1] alone.

Read the latest print edition of School News HERE

One significant incident occurred in March when the Western Sydney University fell victim to a cyberattack[2] that exposed sensitive data of staff and students. Although the university swiftly initiated containment and remediation measures, the breach highlighted the vulnerabilities in Australia’s educational systems and the potential for reputational and operational damage.

Earlier, an attack on the Department of Education in Western Australia disrupted services, causing delays in communications and access to essential systems for weeks. These cases illustrate the scale and scope of the cybersecurity challenges facing Australia’s education sector.

The vulnerabilities

Cybersecurity experts identify three major vulnerabilities plaguing educational institutions:

• System intrusions: The exploitation of weak or outdated IT infrastructure.
• Social engineering: Manipulative techniques to trick individuals into disclosing sensitive information.
• Human error: Unintentional actions, such as misconfigurations or sharing passwords, that lead to breaches.

These vulnerabilities necessitate a strategic overhaul of how educational institutions approach cybersecurity.

Practical solutions for Australian institutions

To address these growing threats, Australian schools and universities must adopt a multi-faceted cybersecurity strategy that covers:

1. Strengthening their IT infrastructure:
   Robust IT systems are essential to protect against breaches. Regularly updating software and hardware ensures vulnerabilities are patched. Schools should employ network segmentation to limit access and mitigate potential breaches.

   The implementation of strict password policies, management of Bring Your Own Device (BYOD) programs, and the establishment of separate Wi-Fi networks for personal, school, and guest devices are also crucial. Mobile Device Management (MDM) systems further enforce compliance and protect sensitive data.

2. Raising cybersecurity awareness:
   Educating students, staff, and parents is key to fostering a culture of security. Australian institutions should conduct regular cybersecurity training sessions, which may include attack simulations and workshops on device safety.

   By promoting awareness and shared responsibility, such initiatives help mitigate human error and reduce vulnerability to social engineering attacks.

3. Investing in advanced tools:
   The adoption of basic cybersecurity tools, such as network monitoring systems, is vital. These tools provide early detection of suspicious activity and facilitate quick responses. Institutions should also use virtual private networks (VPNs) to secure off-campus connections.

   Identity protection is another critical area. Role-based access controls ensure users only access data relevant to their roles, while contextual access adjusts security based on user behaviour or location. Multi-Factor Authentication (MFA) is essential, adding an extra layer of security by requiring multiple verification steps for access.

Adapting to the digital age

As Australian schools and universities increasingly rely on online learning platforms and cloud-based systems, the stakes for cybersecurity have never been higher. Tools like MFA and centralised cloud management not only enhance security but also streamline access for legitimate users.

Cloud-based centralised management systems, for example, allow institutions to monitor access, enforce policies, and customise security measures to meet their specific needs. Such solutions simplify operations while bolstering defences.

The rise in cyberattacks on educational institutions serves as a stark reminder of the need for collective action. Government bodies, educational leaders, and cybersecurity professionals must collaborate to create resilient systems.

Cybersecurity is no longer a luxury for Australian educational institutions – it is a necessity. The rapid adoption of technology in education brings immense opportunities, but without strong defences, these advances come at a steep cost.

By adopting best practices, fostering awareness, and deploying advanced tools, the nation’s schools and universities can protect their communities and ensure the continuity of their educational mission.

This article was written by Anthony Daniel, Regional Director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies

References
[1] https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-january-to-june-2024
[2] https://www.news.com.au/technology/online/security/western-sydney-university-provides-update-on-cyber-breach-that-affected-thousands/news-story