Cyberattacks on Australia’s education sector have seen a big drop, according to a new report.
Dimension Data, a global technology integrator and managed services provider for hybrid IT, has revealed exclusive findings from its Executive Guide to NTT Security’s 2019 Global Threat Intelligence Report concerning the cybersecurity maturity of organisations across a number of markets and sectors.
Globally, the average cybersecurity maturity rating languishes at a worrying 1.45 out of 5 – a score determined by an organisation’s holistic approach to cybersecurity from a process, metrics and strategic perspective.
This comes during a time when security vulnerabilities have also surged to a record high (up 12.5% from 2017).
However, overall attacks on Australia’s education sector dropped to 18% (down 26% from 2017) – a reduction that saw the sector drop out of the top spot of most targeted.
According to the report, current cybermaturity (1.92) in education is higher than in other regions, which leaves it better placed to deal with today’s advanced threats.
Scouring trillions of logs and billions of attacks, the report also revealed the most common attack types, with brute-force (26%) and service-specific attacks (25%) responsible for more than half of activity detected. A third (30%) of all attacks targeted applications comprising application-specific (17%) and web-application (13%) attacks.
John Karabin, director of cybersecurity, Dimension Data Australia, said attacks against Australia’s education sector have declined due to relative increases in cybersecurity maturity in the region and accounted for the sector dropping out of the top spot of most-targeted sectors.
“We believe that attackers are shifting their focus to less-mature sectors,” Karabin told The Educator.
“In education particularly, the trend of bring your own device (BYOD) has had a massive impact on the modern learning environment. Students have access to a myriad of devices, both at home and in the classroom.”
Karabin said the use of laptops, tablets or smartphones have become synonymous with the school and university experience. However, the introduction of these devices has also put new pressures on schools and universities to securely support this way of working.
“The risk of unknown and unmanaged end-points from various devices opens the university to a degree of risk around information security,” he said.
“Today, the ever-evolving threat landscape, and increasing compliance requirements and security risks such as BYOD are driving greater levels of cybersecurity innovation. More schools and universities are seeking to implement emerging solutions to bolster their cyber-resilience.”
Karabin said that for many years, organisations would build technology solutions and then ‘bolt on’ security measures as an afterthought – a practice that would often lead to deployment delays and additional costs.
“While the threat landscape continues to evolve, and the emergence of new, more sophisticated vulnerabilities and attack vectors is inevitable, it’s no longer acceptable for security to be an afterthought,” he said.
“Schools and universities must develop a security culture, both by starting with their students and building up, but also, by looking at secure by design approaches, and that’s building security into everything they do.”
Karabin said schools and universities must engage with providers who’re invested in and understand their business, and how they can help drive it forward by applying security holistically throughout the lifecycle, from development to operations, as part of a long-term journey.
“This will help chart a course to safety and ensure they are maintaining a robust security posture into 2020 and beyond,” he said.