Despite the highly interconnected nature of the Australian higher education sector, there are numerous challenges faced by both research departments and corporate IT across universities and other educational institutions.
The implementation of security measures is a widespread issue, primarily due to the expansive deployments of IT infrastructure and unmanaged purchasing practices of independent faculties within Universities.
In research environments, these risks are elevated due to the sensitive nature of intellectual property and the unique data they handle, which are attractive targets for cyber threats. A report by Check Point found that attacks on educational institutions are growing faster than any other sector.
The sector is also under significant pressure to upgrade its cybersecurity protocols and compliance measures due to evolving regulations. Changes to the Security of Critical Infrastructure (SOCI) Act in 2022 have imposed new compliance requirements on higher education facilities, which are now considered part of the critical sector if they are ‘owned or operated by an entity that is registered as an Australian university on the National Register of Higher Education Providers’.
This regulatory pressure, combined with the unique vulnerabilities of the academic environment and an often reactive approach to cybersecurity, creates a complex landscape that institutions are struggling to navigate.
Australian Cybersecurity and Higher Education Research Departments
Research departments in Australian higher education institutions (HEIs) face a range of unique challenges due to the following:
- Intellectual Property Risks: University Research departments are hubs of innovation, often dealing with sensitive, pre-publication findings and potentially patentable innovations. This data is a gold mine for cyber adversaries, making research departments prime targets for intellectual property theft and espionage.
- Open Collaboration Environment: University Research Departments have long thrived on collaboration across borders and institutions. This sharing of data and network access across institutions and end users significantly widens the attack surface. This increase in end users is potentially the biggest cyber challenge faced by research departments. This increase in end users is potentially the biggest cyber challenge faced by research departments. Securing these end users, faculty, staff, and researchers, who make the data vulnerable to phishing and ransomware campaigns is crucial to protecting research. With the shift to remote work, vulnerabilities have only increased, with thousands of vulnerable endpoints appearing on laptops, tablets, and mobile phones. Without proper research security policies in place, it’s not a matter of if these entry points will be exploited, but when.
- Advanced Technology: Research departments often cutting-edge and experimental technology with custom configurations that may not yet be fully security tested. This technology diversity can include everything from high-performance computing assets to custom-built systems, each with its own set of vulnerabilities.
- Handling of Sensitive Data: Higher education research projects often involve sensitive information, including human subject data and classified information, which require high levels of protection. The handling and storage of such data is subject to strict regulatory and funding requirements, which can vary greatly depending on the nature of the research and the sources of funding.
- Regulatory Compliance Pressures: Compliance with specific security standards imposed by funding bodies or regulatory authorities adds another layer of complexity to the above challenges. Research funded by certain government agencies, for example, may require adherence to specific cybersecurity frameworks that exceed typical university IT security measures.
Securing the Digital Frontier: Cybersecurity Challenges in Corporate IT at Australian Universities
Australian Universities also face distinct cybersecurity challenges in their corporate IT departments, which play a critical role in managing sensitive administrative and student information, maintaining extensive network infrastructures, and defending against common cyber threats.
- Administrative and Student Data: University corporate IT departments are responsible for the secure handling of sensitive data such as student records, financial details, and HR information. A breach in these areas can lead to serious legal, financial, and reputational consequences.
- Phishing and Ransomware: Like other organisations, higher education IT departments are frequently targeted by phishing and ransomware attacks. This was seen recently when the Queensland University of Technology became the victim of a ransomware attack that involved the leaking of sensitive data, including human resources files, email communications, and ID cards. These attacks can significantly disrupt administrative functions and student services—QUT had to shut down the entire IT System—highlighting the need for ongoing internal security training, and a proactive cybersecurity posture with robust response strategies.
- Network Complexity: The network infrastructure of universities is typically extensive, often spanning multiple campuses and supporting remote access for a diverse range of users. This complexity creates a larger attack surface and introduces significant management challenges, making the network more susceptible to cyberattacks.
- Legacy Systems: Many university IT departments still rely on legacy systems that are challenging to secure and update. Budget constraints and compatibility issues often complicate efforts to replace or upgrade these systems, leaving them vulnerable to newer, more sophisticated cyber threats.
Advent One: Pioneering Cybersecurity Innovations for Australian Higher Education
Advent One’s commitment to fortifying cybersecurity in the higher education sector is exemplified through its comprehensive range of tailored IT solutions. By specialising in infrastructure, cloud, security, and automation services, Advent One plays a pivotal role in enhancing cybersecurity measures across a vast network landscape, by safeguarding sensitive research data and integrating state-of-the-art technologies like AI and blockchain. Our work with prestigious institutions such as Monash University and the Murdoch Children’s Research Institute underscores our capability to address and mitigate the unique challenges that these environments face.
As Australian HEIs continue to explore new frontiers in education and research, the importance of robust cybersecurity infrastructure cannot be overstated. Advent One’s expertise not only supports universities’ current needs but also anticipates future security challenges, ensuring that Australian universities can thrive in an increasingly digital world without compromising on safety or innovation.
To learn more about how Advent One can enhance your institution’s cybersecurity posture, book a meeting with us today!