Cyber security: Universities under fire

Education institutions struggle against threats of ransomware, hacking, phishing and social engineering as they work to protect sensitive research and student data. Photo: Reuters

Published Sep 29, 2022

With the 2023 university applications already being wrapped up and institutions preparing to accept tens of thousands of new students in a matter of months, cyber security readiness on campus is vital, according to Doros Hadjizenonos, regional director for Southern Africa at Fortinet.

First year students are gearing up for university life with an array of networked technologies, while administrators and faculty are preparing to onboard and manage these new students.

Make no mistake, South African education systems are in the line of fire, just like other countries.

According to SNG Grant Thornton, a South African member firm of Grant Thornton International, local examples of cyber breaches include the University of Mpumalanga experiencing an attack on its bank accounts (Mungadze, 2021).

At the University of Johannesburg, a first year student's personal information was mistakenly leaked via email to all the students on the database.

Internationally, Lincoln College in Illinois, US, for example, was hit with a ransomware attack in May that it was unable to recover from.

In 2018, Chegg, the online textbook rental service, experienced a data breach that affected 40 million customers. Cybercriminals were able to steal usernames and email addresses, then decrypt and post the logins online.

However, students at the University of Cape Town (UCT) can rest more easily.

UCT’s focus on cybersecurity saw the institution in 2019 granted full membership of the Forum of Incident Response and Security Teams (FIRST), a recognised global leader in incident response dealing with cyber incidents.

Hadjizenonos says for both students and staff, cyber security has to be a top priority to make the 2023 academic year a safe and productive one.

“As higher education emerges from the past two years’ disruptions to the traditional education and campus environment, many colleges and universities are eager to get back to the model that has students on campus for the in-person experience. Others, however, are exploring hybrid models to expand their reach and flexibility. In both on-campus and hybrid learning scenarios, digital platforms are critical, and these have become a target for cyber attackers,” Hadjizenonos says.

This as education institutions struggle against threats of ransomware, hacking, phishing and social engineering as they work to protect sensitive research and student data.

Fortinet warns that cyber attacks can have serious compliance implications, interrupt operations, and can also impact a school’s reputation and revenues.

Research from Kaspersky, a multinational cybersecurity and anti-virus provider, has found that over the course of 2021, there was a 45% increase in the incidence of spyware on computers used for industrial control system purposes when compared to the previous year.

“The challenge is compounded by the cyber security skills shortage, particularly as education institutions can be at a disadvantage when competing with employers in the tech sector to hire information security professionals,” it says.

Worryingly, KPMG’s Africa Cyber Security Outlook 2022 Survey found that 75% of companies encounter challenges in recruiting and retaining qualified cyber professionals and only one in three have access to a sufficient talent pool.

But Hadjizenonos says identifying cybersecurity as a top-of-mind issue does not always equal action.

The Collegis Education ebook, Higher Ed Cybersecurity Landscape: 2022, states that while there is no magic bullet to prevent all incidents, understanding widespread vulnerabilities, common types of cyber attacks and how to prevent them could help your institution develop solid security strategies to safeguard data and resources.

As institutions move to grow further into the digital realm, a chief information security officer (CISO) is the key enabler to drive the necessary actions and solutions to support the introduction of more digital channels and deliver an acceptable return on the security investment.

“CISOs should be playing to their strengths as communicators as they talk to the CIO, campus leaders, the deans, directors and other influencers. They should be also sending their own note to faculty, researchers, staff and students addressing their cyber needs,” Hadjizenonos says.

“They need to have a table at strategic level, where administrators and leaders define the new normal for education, and future strategies for hybrid learning in order to find a way to connect those conversations to reducing the campus mean time metrics for detection and remediation.”

In an article titled “Elevating cybersecurity on the higher education leadership agenda”, Nazeer Essop, a partner and Government & Public Services Leader at Deloitte Southern Africa, wrote that universities were a frequent target for cyberattacks because of the sensitive data their IT systems often house, combined with the vulnerabilities that come with an open-access culture.

He wrote that successful higher education cybersecurity required communication between the IT department and institutional leaders, so they could be more effective in preventing attacks and bouncing back after an incident occurs.

Essop says from ransomware attacks and breaches compromising the personal information of students, faculty, and staff to denial-of-service attacks that rendered learning-management and other systems unavailable during important times, cybersecurity threats posed an increasingly common business risk to colleges and universities.

Other experts say universities should require end users to go through training that covers what phishing is and how to recognise it.

BUSINESS REPORT