NewsBite

Open campus access creates cybersecurity risk

Universities are vulnerable to potentially damaging cyber breaches because of their structure and focus on open access.

Tim DoddTim Dodd
2 min read
12:00AMAugust 22, 2018

Universities are uniquely vulnerable to potentially damaging cyber breaches because of their decentralised structure and focus on open access to information, ­according to cybersecurity consultants.

“Their ecosystem is unique and different to an Australian corporate,” said Shane Bell, partner with McGrathNicol Advisory.

Speaking after news last month that the Australian ­National University had fought off a sustained attack by overseas hackers, reportedly from China, Mr Bell said universities were magnets for attack partly because of the valuable research information they held.

Mr Bell and his colleague, McGrathNicol Advisory partner Darren Hopkins, said the broad access to university systems by tens of thousands of students and staff, and their decentralised management structures, were points of vulnerability.

“(University) faculties do different things and have their own views about who will have access to their infrastructure,” Mr Bell said. “Their primary driver is not necessarily the protection of that information, it’s the availability of the information.”

Mr Hopkins said universities had no control over the tens of thousands of ­“bring your own” ­devices used to login to their ­systems.

“You’ve got no control over any of that,” he said.

He said there was a high risk of malware being introduced, which attacked the system.

Mr Bell said universities faced a complex cybersecurity challenge.

“Inside a university you’re dealing with thousands upon thousands of students and layers within that of who should be ­accessing what information,” he said. “To build controls around that can be quite complicated.”

The pair said there was a major risk of identity theft — stealing email addresses and passwords — which could give bad actors access to sensitive material.

They said there was a noticeable change in the approach of hackers, who were no longer as concerned with quick wins but were thinking more strategically about how to maximise their returns once they have penetrated a system.

“Once they get in somewhere, rather than doing anything immediately they’ll sit there and see what they’ve got,” said Mr Hopkins. “It can take weeks or months. They will use the information to island hop to the next system.”

Mr Bell said that universities were making a shift towards being more proactive, rather than reactive, about their cybersecurity, which was a positive step.

Tim Dodd
Tim DoddHigher Education Editor

Tim Dodd is The Australian's higher education editor. He has over 25 years experience as a journalist covering a wide variety of areas in public policy, economics, politics and foreign policy, including reporting from the Canberra press gallery and four years based in Jakarta as South East Asia correspondent for The Australian Financial Review. He was named 2014 Higher Education Journalist of the Year by the National Press Club.

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

More related stories

Original URL: https://www.theaustralian.com.au/higher-education/open-campus-access-creates-cybersecurity-risk/news-story/43e14c26396f0785cdda0bfde5531fb2