Last week it was revealed that the Australian National University (ANU) was hit by a massive data hack, with unauthorised access to significant amounts of personal details dating back 19 years.
According to a statement from the University, a sophisticated operator accessed the ANU's systems illegally in late 2018 but the breach was only detected two weeks ago.
However, this latest high-profile hack should come as no surprise, says specialist insurance provider and pioneer in emerging risk, CFC Underwriting.
International cyber practice leader, Lindsey Nelson, said that given the vast amount of sensitive data large universities and schools hold, it’s not a great surprise that cyber criminals are increasingly targeting educational institutions.
“Not only do they store a wealth of valuable personal information on both students and employees, many house information relating to cutting edge research, technology innovations and other intellectual property which is also an attractive target for hackers,” Nelson said.
“The sheer amount of technology available in educational institutions adds to the vulnerability of the sector and strict cyber security measures can sometimes be compromised in favour of usability and functionality given the thousands of students, teachers and staff needing to access systems.”
However, Nelson warns that the data-rich vaults of educational institutions aren’t the only target for hackers.
“We’ve seen a surge in social engineering attacks against schools, colleges and universities as more and more people choose the convenience of paying fees online,” Nelson pointed out.
“These attacks usually take the form of push payment fraud, where criminal third parties impersonate an educational institution, or phishing attacks resulting in cyber criminals intercepting payments from students.”
Nelson added that education is one of the most vulnerable industry sectors to attacks by cyber criminals, not just in Australia but worldwide.
“The sector must recognise that cyber-attacks are a real threat and must step up their protection against malicious data breaches and scams aimed at conning students and their parents out of money or stealing valuable intellectual property,” Nelson said.
According to Professor Gernot Heiser, a cybersecurity expert from the University of NSW, cyberattacks should be just as much a wake-up call for schools as they are for large universities.
“Schools don’t tend to have professional IT staff with a deep understanding of security issues, although a number of schools doubtlessly have teachers who understand IT and the associated security issues,” Heiser said.
“While vulnerable, schools are probably not particularly high-value targets, which means that the risk is probably somewhat less – the pros go for where the gains are biggest. But anyone can be the target of vandals.”
However, he says schools have an “incredible asset” in the form of smart kids, many of whom are very fast in understanding IT problems.
“And the best aren’t necessarily the academic top performers. I think the main challenge as well as opportunity for schools is to channel their talent pool,” he said.
Heiser said that while schools should let students play and experiment, they must provide the right supervision and guidance to lead them in the right direction.
“For example, get them to understand the flaws, but instead of using their insights to subvert the system, get them to help improve it,” he said.
“That’s not easily done, but it’s possible. I’m a professor and internationally well known for my work, but I learned a lot from my students over the years. It’s an incredibly powerful resource for those who know how to harness it.”