As technology and data become increasingly integral to their operations, institutions need to be more aware of cybersecurity issues—in particular, potential theft of intellectual property (IP), according to Professor Jill Slay, Optus Chair of Cyber Security at La Trobe University.
“Having worked in three universities in Australia, I’ve experienced these targeted approaches through malware directed to me, and malware in CVs,” she said. “This is a new situation for universities, where systems are very open to facilitate sharing. This can be seen both as a threat and a business opportunity. I think it’s a huge opportunity to uplift the security of the sector.”
Professor Slay said universities need cyber tools but must have an equally strong focus on the human-related risks managed via security policies, procedures, governance, risk awareness, and training.
“We need to think carefully about how we are going to train practitioners for this aspect of cybersecurity, because we’re not going to all be there with our hand on the network,” she said.
as network segmentation for additional security layers inside the network. A key part of the University of Queensland’s upgrade is segmenting its network to “allow us to apply security at the right level,” said Pete Keeffe, Manager, Networks and Data Centres at the university.
While preventive approaches are still important, detection is now vital, according to Benny Ketelslegers, Senior Threat Researcher at Cisco Talos, Cisco’s threat and security research organisation.
“I’ve been tracking a lot of hacking groups,” he said. “I’ve seen that some of these groups have been targeting universities, because a lot of these universities have innovation centers and researchers that work with commercial companies, working on new technologies. They’re going after the IP, and the easy way to get that is by targeting the universities rather than the companies.”
Institutions also need to consider the security of infrastructure hardware, which he said can get released to the market with “very little default security setting.”
“With IoT, there is increased connectivity, and we need more effort in software development and engineering to secure them out of the box,” Ketelslegers said.