Cybersecurity has become an increasingly important topic in light of the recent WannaCry ransomware attacks and a string of other major cyberattacks around the world that have compromised computer systems in the government and private sectors.
One challenge for schools is the question of how cybersecurity education should be delivered – and by whom.
A survey last year by ESET, a global IT firm based in Slovakia, revealed that most people believe cybersecurity education should be the responsibility of parents.
However, 71% of respondents said it should be a high school teacher’s responsibility.
Nick FitzGerald, a senior research fellow at ESET, told The Educator that a significant majority of students in Australia and New Zealand are taught in public schools, and as such, cybersecurity would be best delivered by the government.
“Recently, the Australian and New Zealand governments have recently updated their national cybersecurity policies. Both claim that there should be a stronger focus on initiatives to boost cybersecurity education in schools,” he said.
“There are very few teachers who are specialised in cybersecurity education, and this is an issue in itself because this kind of education is important in a digital world.”
Two organisations which used the recent EduTech conference in Sydney to raise awareness about this issue are Macquarie University and BlackBerry AtHoc.
John Durbridge, Macquarie University’s campus security manager told The Educator that with 40,000 students and 3,500 staff attending the university, the need to meet regulatory compliance requirements for staff workplace health and safety is a key consideration.
“Our Emergency Management Team needed a critical incident mass notification solution that could deliver targeted, or ‘en masse’, alerts to potentially thousands of students and personnel using multiple channels in case of an incident or an emergency, such as a cyberattack,” Durbridge said.
“We use BlackBerry AtHoc as part of the University’s Emergency Management Plan for all our mass-communication needs as they present themselves during emergencies or other such critical incidents.”
So could such a system be of value in K-12 schools?
Durbridge said in the instance of a cyber threat, the system can broadcast simple, succinct messages to students, teachers and other staff that contain important information, instructions, and updates.
“This could assist our team in managing and mitigating the threat, for example by sending a message to our staff and students recommending not to open a certain email, or click on a certain link,” he explained.
University staff and students are enrolled in the system which syncs directly with the University’s active directory each day, ensuring that the database is live and accurate, and can share a single format message over multiple platforms in the event of a crisis on campus, or in the surrounding area.”
Durbridge said that in today’s digital, globalised world every organisation, from a small business to a large empire is vulnerable to threats.
“Cyber-attackers are not discerning, but do like to hit where it hurts,” he said.
“Whether it is a school, university, hospital or government agency, anyone can be the target of a cyberattack.”
He said the WannaCry ransomware attack was a chilling example of how cyber threats can spread at a global scale, and compromise organisations from all sizes and industries.
“Every organisation with a duty of care should be prepared to respond to such scenarios, to protect their people as well as their data,” he said.