Primary and secondary education aside, a group of 9581 schools with 4030717 students (1), the education sector in Australia is a $135.5 billion dollar industry. It is also an industry that is increasingly targeted by cyber criminals (2).
Tertiary education in Australia is formal education beyond high school, consisting of both government and private institutions and divided into two sectors; vocational education and training (which includes TAFEs) and higher education (which includes universities). Australia has a comparatively high proportion of international students as a percentage of students enrolled, at 26.5% in 2018. Australia has the fifth-highest number of foreign students worldwide.(3)
The education sector is experiencing a huge spike in cyberattacks. In fact, Australia is the 4th most targeted country in the world. Check Point Research (CPR) found the education sector to have the highest volume of cyber attacks for July, with an average of 3,934 attacks documented per organisation, impacting schools, universities and research centres each week.
In more than half of the countries studied by CPR, the education sector is the most attacked sector, and in 94% of them, the education sector is in the top three most attacked sectors. (4)
“Cyber criminals tend to target organizations and industries that they know are vulnerable,” information technology publication TechRepublic wrote in its analysis. Schools and universities are vulnerable for several reasons. Firstly, they have had to switch to remote learning an area that they had previously mostly not been involved in. Secondly, they collect and store a considerable amount of personally identifiable information (PII) and thirdly until recently they have, on the whole, not been a target of cyber attacks.
An example of the types of attacks that the education sector is being subjected to globally is the 2018 attack on the Australian National University in Canberra.
For weeks, hackers quietly trawled through the computer system of the Australian National University (ANU) in Canberra.
It was months before ANU even realised the hackers had broken in, and almost a year later it remains a mystery just how damaging the attack was.
ANU was likely targeted as it is the university of choice for an Australian wanting to become a diplomat. Former students include Bob Hawke, Kevin Rudd, Annastacia Palaszczuk and Barry O’Farrell, Indonesia’s former foreign minister Marty Natalegawa and former New Zealand opposition leader and governor of the Reserve Bank Don Brash. There are many, many more bureaucrats who now fill senior government roles in Australia and internationally who were ANU students. Australia is also part of the Five Eyes alliance so there’s a relationship with American military and intelligence.
“It’s likely to be China, frankly, they’ve got strong interests in Australia for a number of different reasons,” Tom Uren said. There is no evidence that the information has been used by criminals for identity fraud to date. Whilst in this instance it is likely a state player there is plenty of criminal involvement in cyber attacks on educational institutions due to the value of the information that can be accessed.
A forensic investigation of the hack has been unable to determine the full extent of the attack and has been challenging as the hackers were very thorough in deleting evidence of their activities. It has been determined that names, addresses, phone numbers, dates of birth, emergency contact details, tax file numbers, payroll information, bank account details and student academic records were stolen. The database that this information was stored on held 19 years of records but only a fraction of the available data was stolen, and intellectual property and research information was by passed.
The attack was possible because of the university’s old computer network, rather than the result of a single user not downloading a security upgrade.(5)