Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

News

« Older Entries

Avoid phishing with these simple tips

Tuesday, October 31st, 2023
 
Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organisation, to get us to respond.
 
The good news is we can avoid the phish hook!

Check out these tips to keep your account secure. 

Security awareness and training will become part of a continuous effort, but your vigilance remains our best protection. Be vigilant to safeguard yourself, our colleagues and our university against phishing attacks.

Cybersecurity is everyone’s responsibility. Towards a more secure SU!

Email

Posted in Communication, News, phishing | Comments Off on Avoid phishing with these simple tips

Computer Literacy and Digital Literacy – not the same thing

Wednesday, June 7th, 2023

Computer and Digital Literacy are two separate things, but they go together. For us to be effective, responsible technology users, we need to have both. In this article we explore the difference between these two concepts, and why it is important to develop digital literacy skills.

What is computer literacy?

Computer literacy is defined as the knowledge and ability to use computers and related technology efficiently, with skill levels ranging from elementary use to computer programming and advanced problem solving. Those who are computer literate have the ability to perform basic tasks on the computer. For example, switching on your computer, knowing how to access the internet, navigating a browser, and operating software systems, and completing any other tasks that make it possible to do your job.

What is digital literacy?

Digital literacy is the ability to navigate our digital environment using reading, writing, critical thinking and technical skills. It’s about using technological devices such as a smartphone, laptop or tablet, to find, evaluate and communicate information. So, digital literacy goes beyond computer literacy because it gives individuals the power to connect around the world. 

Why is digital literacy important?

Digital literacy skills are essential for participating in the modern economy. Digital literacy can play a powerful role in helping people connect, learn, engage with their community, and create more promising futures. Simply reading articles online does not address digital literacy, so it is important for everyone to understand the variety of content and possibilities that are accessible online.

  • Efficient Communication: Digital literacy improves communication that creates a more efficient workflow. It allows employees to communicate with each other through various platforms, such as email, instant messaging, video conferencing, and social media.
  • Enhances Problem-Solving Skills: With digital literacy, employees can access vast amounts of information through the internet, which allows them to research solutions to complex problems, find relevant data, and make informed decisions.
  • Increases Efficiency: Digital tools such as automation, online collaboration platforms, and project management software can increase efficiency in the workplace.
  • Improves Creativity: Digital literacy can also foster creativity in employees by providing access to various digital tools that can unleash their creative potential and produce high-quality content.
  • Better Time Management: Digital literacy can help employees manage their time more effectively.
  • Online Security: Digital literacy skills help individuals understand the importance of securing their online information and the potential risks of cyber-attacks.
  • Artificial Intelligence (AI): Digital literacy skills are crucial for leveraging AI’s benefits.
  • Big Data: Digital literacy skills have become essential for individuals to interpret and analyse vast amounts of data effectively.
  • Social Media: Digital literacy skills are essential for using social media safely and responsibly. It enables individuals to identify potential risks associated with social media.

Start your digital literacy pathway

With the Microsoft Digital Literacy classes, you can gain skills needed to effectively explore the internet. 

Sources:

YOTTABYTE

LinkedIn

Microsoft

Futurelab

SU IT Digital Literacy in a nutshell

Email

Posted in General, News, Security, Tips, Training | Comments Off on Computer Literacy and Digital Literacy – not the same thing

Post COVID challenges: On the ground experiences

Thursday, December 15th, 2022

When COVID-19 struck, the various teams working on the ground to ensure that Stellenbosch University (SU) runs seamlessly on all technological fronts suddenly faced enormous challenges.

Almost overnight, the technological needs in all sectors of the university – from System Administration to IT services, Student Support, and End User Support – had to shift to accommodate remote working.

Post-COVID, all these divisions have had to adapt to a new normal of hybrid working, teaching and learning. And, in true SU style, despite the unprecedented rollercoaster ride, all these teams have risen to the occasion – and are optimistic about the campus’s technological future.

Mario Randelhoff, Manager of System Administration, described the past two years as “one of the most challenging times of my life”. He and his 10-strong team of system and database administrators run all the critical computing systems which the university uses relating to emails, the human resources system, and the learning management system, etc.

“It’s our task to manage the configurations to ensure emails are sent securely from users on campus to external users. In terms of managing the learning management system, which is all on-premises in our data centre, we look after the machines, do installations, and manage security updates. We ensure the overall learning management system platform is always up to date and available. Managing the Human Resources system means we have to ensure all the technology for leave requests, salary payments, performance assessments, pension information etc., is up and running,” he said.

Mario’s department faced numerous challenges during COVID, many of which remain. “One thing was non-negotiable – the business of the university had to go on during lockdown,” Mario said. “From being spoilt with everybody being onsite in the university’s buildings and knowing where all the problems and hotspots were, everybody became separate “companies” that had to be serviced.

“When everybody started working remotely, we had to move fast to set up the technology to allow users to access the systems from where they were. We had to cater for very large numbers of users trying to access the systems and ensure they did this securely when accessing our more sensitive systems. This could not be done via the open internet without security. 

“Gearing our learning management system for 100 percent remote work was a massive task. We had to obtain more servers as well as build capacity to ensure the system worked fast and efficiently. We didn’t want students to click on a page and then wait ten minutes to log in. 

“The fact that everybody was working remotely brought many issues to the fore – we had to put cybersecurity measures in place to ensure people didn’t click on phishing emails and to protect them from viruses.

“We also had to roll out laptopsBecause of the culture of the university, many people working from their offices or the computer labs on campus didn’t necessarily have devices they could use from home. 

“It was stressful all over, getting to the new normal of working remotely while ensuring users had the same experience they would have had if they were working in the office. One of our biggest challenges as an operations team was that we couldn’t meet face-to-face. We had to adapt to online meetings. Then loadshedding would interrupt meetings, so we had to roll out UPS to team members so they could at least have a sustainable internet connection while working remotely.” 

Mario continued: “With COVID, lockdown, and loadshedding, it was a very stressful time. I had to coordinate everything from the systems side, and I also had to motivate my team to implement the changes in a short time.”

Mario, a father of two, said he never lost sight of the numerous personal struggles and work pressure he, his staff and all the university members were facing. What got him through, he said, is the fact that he does not get stressed out. “When others are stressing, that’s when I perform at my best.”

A challenge his department faces now is that having gotten through COVID, remote work has become “a hindrance”. “It is hard to keep a group dynamic going if everybody is working remotely. We do at least go in to work on Mondays for a face-to-face meeting. We also need to rebuild the interactions with the other technological teams.”

Another challenge, he said, is that the division currently has five vacancies, “but, in the post-COVID era, people have got used to working remotely and are not actually going for jobs where they need to be on site. This is a new problem that we are really experiencing firsthand.

Asked what new tech and other innovations are in the pipeline in his division, Mario said: “Technology has evolved so much we have to start onboarding more cloud services. We will start looking at migrating certain systems, such as our learning management system, to a cloud provider so we can scale it to many more people.

“From a team perspective, we have to work hard to change the mindset from traditional system administrators to thinking about being cloud architects and looking at deployment architecture and how to componentise the systems we look after. That’s where the mind shift needs to happen.” 

Allister Lesar, Head of ICT Student services, and his team are tasked with assisting students in all their ICT requirements to study, research, learn and achieve their goals at the university.

During COVID, he and his team of seven people had to quickly evolve and assist with quickly helping students and staff become capable of accomplishing their tasks remotely and enable remote learning from anywhere. They also had to roll out laptops to 2500 students overnight.

 

“We worked round the clock to ensure they received their laptops. Then we had to assist the students remotely with repairs and ensure the repaired laptops were couriered to them so their studies were not interrupted. We sent laptops to students in cities as well as in remote areas in Northern Cape and Limpopo.

“We also had to roll out WIFI hotspots as far as we could across the campus so that those students who were unable to go home could study safely on campus, in venues with limited numbers of people at a certain time. We shifted from a walk-in service for IT queries and repairs to an appointment basis only and we had to enable our remote workforce – who were accustomed to walk-in, face-to-face service – to assist students remotely.”

Allister said that, in the post-COVID era, students want to maintain the services of loaned laptops and remote working. “They’ve got used to studying in their rooms or at home, in uncrowded areas and are still asking for these resources. For instance, some students feel unsafe walking to the computer labs at night. While it is not financially viable to maintain this, we are trying to leverage programmes to assist them in that regard.”

Asked what’s in the technological pipeline in his division, Allister said they are looking at mobile device management solutions to enable remote services for students. We intend to secure all our endpoints so staff and students can use any device to study. For this to happen, we need to be able to pick up issues before they’ve even happened.” 

The COVID and post-COVID period have been tough, Allister said. “I worked till three in the morning and got up at seven to ensure the students got the help they needed. As a team, we galvanised each other by putting ourselves in the students’ shoes and imagining their strain. We drew on whatever energy we had. That’s what got us through. We focused on how to best help them through the situation.”

Ronel Reynecke, Head: End User Support and her 15-strong team, of whom some are based at the IT student centre and the rest at the main IT building, oversee the technical support for staff on campus.

“During COVID, the division had to instantaneously change from supporting users onsite to supporting users remotely to the best of our ability. That brought challenges on its own, as more remote support meant more licenses on the software we used to help our users, which of course, had a cost implication for IT. But, on the bright side, our users quickly became familiar with this software and we sometimes had to smile when, without even asking for the user ID, the users would start giving the ID almost before we could say good morning.

“Teams and Zoom (to a lesser extent) quickly became the default meeting platform, and specialised equipment followed in the lecture halls. It involved a great deal more work for the team and they had to do a lot of ‘hand holding’ to some staff to manage webinars and online meetings and to lecturers to implement the hybrid mode of teaching.

“Many things shifted for us. In terms of the devices we service, previously, there was a good divide between desktops and laptops, but during COVID, it immediately changed to laptops. We had large orders coming through for laptops, leading to insufficient storage space for all the devices while configuring the devices. 

“Then there was also the global semi-conductor shortage which led to a shortage of chips to make for example, laptop screens. COVID didn’t help and, while our delivery is normally two to three weeks, in some cases, it took almost a year, to get laptops.”

Further challenges included that “technicians who were accustomed to providing end-user support had to become Jacks of all trades. They also had to assist users with their home setups, and deal with internet connectivity issues, third-party software and printing issues at home. We had to connect everyone who had never worked from home or used VPN (virtual private networks) to access secure systems; and we had to migrate users who were still working on old VPN clients. We also had to explain to users that Anti-Virus updates had to run before VPN could connect and that it is enabled for MFA (multifactor authentication) which all contributed to better network security.”

Ronel said her team experienced a real “generational divide”, with the younger generation being better equipped for the technological changes than the older generation.

“Then there was also a digital divide, where some students did not have the funds to purchase laptops and data for connectivity. She said her team experienced first hand the fall-out of having to learn and teach new technologies. They had work to complete with deadlines and the new technology was strange and frustrating for them. So, apart from doing the normal IT tasks, they also calm the users down! We were almost like psychologists because people got so upset.   

“In the end, this took a huge toll on my staff, as some of them were even verbally abused by staff as they wanted to be helped instantaneously, never thinking that we might have had a rollover of calls.”

Ronel said several changes have already taken place in her department, and some are still to come. “The developments in the pipeline to improve customer experience include implementing Microsoft Intune (Microsoft cloud-based unified endpoint management service) to help manage the software of onsite and offsite devices; the hybrid joining of devices to Azure Active Directory to enable use of the full functionality of the Microsoft stack; and, the possible use of Windows as a service – a method of testing and releasing Windows features faster – to simply the work of IT support staff.”

When asked to look back on the challenges of COVID, and what was achieved, Ronel said: “COVID brought so many hardships and such heartache, but it pushed the boundaries in terms of our digital strategy. Tech experts predicted it could take up to seven years to get to where we are now and that all happened in the past two years. We had to push the boundaries and get into an entirely new digital era. 

“My team and I learnt so much. In fact, I feel so empowered, having learnt so much and I know that we can do even more when we work together as a team. We should learn from our experience and embrace the change.”

Petro Uys, Head: IT Service Desk, and her team of six people are tasked with first-level troubleshooting with all IT-related queries.

“We receive a very high volume of calls – especially since COVID meant that many people are working from home. This development added numerous requirements among users. 

“A key part of our work is to pick up trends, for instance, if people start calling in and say they can’t access SUNlearn – our learning management system – my team must immediately inform me so that we can deal with the issue. We immediately inform the second and third levels of the trends. It is vital for us to pick up trends and escalate them to get to the root cause.“Before COVID, when everyone was on campus it was easy to, for instance, change your password. Now that users are based at home, they cannot change their password and connect without issues. They must take additional steps for their new password to be recognised on their laptop. It was a huge challenge just to get people connected from home.”

Petro said the technological needs dealt with by her team had shifted substantially during COVID. “Our first challenge was to set up our team to be able to work from home. Some only had ADSL and limited connectivity from home. 

“On the customer side, they were frantic – they didn’t know how to connect from home; for instance, a VPN is needed for specific purposes, such as working with the financial or HR system. We spent a lot of time just calming the users down and telling them it was not that bad!

“Other challenges were to get our information out to users in good time. From an IT side, it takes time to get the right information to the people because you need to test it and ensure it’s the correct information. For example, people have different cell phones. We introduced multifactor authentication just to verify our staff members, but it was challenging because people struggled to verify themselves.

“So, testing and verifying information and getting it to our people was vital. We had to ensure our service catalogue was up to date every day.”

Petro added that the IT Service Desk has been receiving numerous security-related service requests. “This includes SPAM and spoofing emails. Users must be empowered with information from IT to be able to deal with these in the correct way. They must not open these emails and click on the links in the emails, or provide their credentials, as this can result in their accounts being compromised.

“The IT Service Desk acts as a gatekeeper and must have sufficient knowledge to protect users from doing the wrong thing, especially if they don’t know what to do.”

Asked what’s in the pipeline in terms of new directions and new technologies, Petro said a key task among her staff members is “to get them to really understand what the university is about, and to motivate them to strive to work towards the university’s vision and mission, so we all work towards the same goal”. 

“In terms of technology, I am pushing to start using chatbots and AI to enable self-service for users with queries. I also hope to implement extended service hours in our division. Currently, we work from 8 am to 4.30 pm, Monday to Friday. That’s not good enough in the modern world. We must look at our service hours, especially with all the loadshedding.”

Asked how she dealt with the challenges, Petro said: “I’m an in-the-moment person. I make the best of every moment and don’t overthink things. That really got me through the pandemic. I knew that I had to just carry on and to motivate the people we were dealing with. I just made sure I was present for my team and for those I served.”

 

 

Email

Posted in News, Our people | Comments Off on Post COVID challenges: On the ground experiences

SU takes great leap forward into cloud era

Monday, October 24th, 2022

hand touching visual screen with icons floating above it

Stellenbosch University is currently in the process of taking a “great leap forward” into the “cloud” era, which will see the new finance and student systems, SUNFin and SUNStudent, operating in the cloud.

This is not only going to make all the difference to security against cyber threats but will also make the university’s systems more efficient and accessible, in a number of ways, for students and staff. The move into the cloud, which is the culmination of years of work, will take SU into an entirely different risk profile, said Marc-Allen Johnson, acting director IT Institutional Software Systems at SU.

“This is a big step in the right direction, as the threat of cyber fraud at universities is growing all the time, all over the world,” Mr Johnson said in an interview. To date, most of the university’s administrative systems have been housed on premises, in a data centre on campus. “But now they will be housed in the cloud, running in data centres in Johannesburg and Cape Town, and according to the latest standards in technology, to ensure that the personal information of both students and staff remains secure,” Mr Johnson said.

“At the same time, once fully operational, it will be possible to access the systems from anywhere without having to be affected by loadshedding or interrupted internet connectivity on the Stellenbosch campus. So, we are providing a much-improved service, while ensuring a secure system.”

Elaborating on the two new systems, SUNFin and SUNStudent, Mr Johnson said SUNFin refers to the university’s new financial system. “It is an Enterprise Resource Planning (ERP) system that SU will use to manage day-to-day business activities of the Finance capability within the organisation. It manages all the key financial requirements that a university has to fulfil to ensure that the books balance, that people get paid and that we manage our finances well. The implementation of the SUNFin project has been under way for the last two to three years.”

“SUNStudent refers to the new system that supports the Student Administration capability and all the related student services. The SUNStudent system will usher in a modern, integrated and cloud-based solution that will allow key university capabilities like Registration, Bursary Awards, Assessment and Degree Audits to be supported in a secure way. Although the staff and students have always had access to self-service functionality, the modernised interface provides it all levels. The new Application and Admission process went live in 2021 and facilitated a significant jump in the number of applicants and demographic.”

Mr Johnson said the university is planning to be fully operational with both systems by the end of next year. The application and admissions functionality of SUNStudent have already been live for two years.

He said that, for the IT team at the university, the new moves address “quite a few risks”. “We have legacy administrative systems of between 20 and 30 years old at the university. Through the years, the demands on these systems have been continuously growing and the world continues to throw security challenges our way. We’ve responded by making changes ourselves, but the technical debt has grown untenable over the years. Coupled with a technology that the industry is not actively pursuing anymore and people who have been part of building these systems retiring, it was necessary to make a leap.

“So, it is a great relief for me to see us moving into a new era where we are implementing software solutions that will last another 30 years. It is also exciting to know that, from now on, our system will be continuously improving and remain up to date.”

Part of the improved efficiency, he said, was the fact that the IT Division will work in close partnership with vendors like Oracle and Serosoft “to ensure that we have security by design”.

“We also know that we are not their only client, which means that we benefit from the collective. For instance, if they implement enhanced security measures, or conduct vulnerability tests for one client, they implement it for all of us. That is one of the benefits of going to the cloud –the vendor takes responsibility to keep the system up to date and secure according to a contract.”

Mr Johnson said that in the past many institutions bought software “off the shelves from a vendor” and then tried to maintain their systems themselves.

“But then they fall behind the latest versions and patches which opens them up to security risks. By moving to the cloud, Stellenbosch University will receive regular updates and be assisted regularly, and we will not fall behind as new functionalities are released.”

Mr Johnson said that the mechanisms implemented by the new systems will be a great deterrent to the ever-present cybersecurity threats.

“I recall a quote, often attributed to Thomas Jefferson, – “The price of freedom is eternal vigilance” – and it really rings true. With these new systems, we have invested in a solution that will continuously be kept up to date. Yes, along with the vendors, our team will have to be continuously vigilant, but it means newly discovered vulnerabilities will be quickly patched by our partners. We are contractually partnered with our vendors to provide that level of surety.”

Mr Johnson said once the system is up and running, “we will all sleep easier”.

“As the research shows, one of the most difficult IT challenges at any institution is to implement a new system. It involves a lot of change and the switchover from the one system to the other is a risk that can be easily exploited by people wanting to do harm.

“For instance, if cyber criminals know that a new system is being implemented, they could send out an email to a student or staff member and invite them to click on a link to be “onboarded” on the new system – potentially leading to compromised credentials. During this period of transition, we have to promote a heightened awareness and ensure we educate all students and staff about the risks. Our teams monitor and respond to phishing attacks like these that target our users. One of the measures that counter the reach of these attacks is to implement multi-factor authentication. For instance, when you log into the system, you receive a prompt to either supply a one-time PIN or approve the log in using a mobile app. For many staff and students, it feels like a burden, but that simple act is an important deterrent, because if someone gets hold of your username and password it makes it much harder to get past that hurdle.

“We can try to put in place as many security measures as we can, but if the attacker manages to use phishing techniques to trick a student or staff member to disclose their username or password, it could give the attacker access to sensitive information. This is a critical threat to administrative systems and something we are obviously concerned about, hence measures like Multi-factor Authentication.”

Mr Johnson continued: “SUNFin and SUNStudent will not only provide better functionality, to enable us to become a more modern and efficient university, but they will also make us more resilient to cyber-attacks. However, we really need everyone’s help to be vigilant by educating oneself and being on the lookout for suspicious messages. All students and staff are encouraged to reach out to us if they have any doubts or queries about suspicious emails or notifications they receive. Our IT support desks and relationship managers are there to assist, especially during this transition period to final implementation of SUNFin and SUNStudent.”

Email

Posted in General, News | Comments Off on SU takes great leap forward into cloud era

Risks of cybersecurity have become massive in higher education sector globally

Monday, October 24th, 2022

hacker phishing scam

Universities around the world are facing ever increasing cybersecurity risks, particularly in the post-pandemic world – and Stellenbosch University is not immune to these threats. Even before Covid-19 struck, higher education institutions were already gathering vast amounts of data from students and staff – and now, with more hybrid and remote offerings, requiring even more information, the risks of cybersecurity have become massive.

The risks for these data rich institutions are wide ranging and include ransomware attacks, business email compromises, data and privacy breaches, as well as adversary-in-the-middle attacks, said Brian Mhembere, the Cybersecurity and Technology Risk Specialist in the ICT division at Stellenbosch University.

Brian, who has a background in IT in the banking, mining, health and financial services sectors, has seen and heard it all when it comes to cybercrimes. With his finger on the pulse of global cyber trends, and with first-hand experience of the havoc that cyber fraud can create, he has, in the past, been asked to share his expertise in interviews on television and on radio. He was even interviewed on the 8pm news on ETV ahead of Black Friday, where he warned South Africans of all that can go wrong when shopping online.

Now, as a key cyber “sleuth” at Stellenbosch University, he’s determined to ensure that the valuable student and research data stay safe.

“There have been a lot of data breaches in higher education institutions mainly through phishing attacks – attacks aimed at compromising personal identifiable data or to reveal personal sensitive information like credit card numbers, bank information or passwords,” he said in an interview.

Brian explained that ransomware attacks take place when a cybercriminal threatens to use technology to either publish or permanently block a victim’s personal data unless a ransom is paid. A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.

An adversary-in-the-middle attack is when an adversary intercepts communication channels between two components, with the aim of either altering the message or data, or compromising the integrity of the data a person is trying to transmit, with the result that the message reaches the intended recipient with altered information or configuration.

Brian was responsible for the recent cybersecurity maturity assessment and report on cybersecurity at the campus. The analysis was done using the ISO27001 standard and the National Information Security Technology (NIST) cyber-security framework, which uses a Capability Model Maturity (CMM) tool to analyse where the weaknesses lie in the whole IT environment. The CMM tool guides the analysis of the entire IT environment with controls mapping and scoring exposing gaps, in accordance with the ISO/IEC27001 standards.

“The report did not find anything out of trend with most universities around the world,” Brian said. “Our university falls in line with the current state of cybersecurity maturity of most other South African universities. There is still some work to be done to improve the cybersecurity of all these institutions. Our maturity is very low compared to universities in the UK and America, but better than that in some other countries in Africa.”

He said the audit was conducted during April and May 2022 and the report has not yet been published or made public.

“Even if we knew the findings, we would not make them public, because anyone who reads this article would know what our weaknesses are,” he said. “Even if SU had ever had an attack, we would not speak about it in the public domain. There have been attempts but we are able to monitor and protect most attacks.”

Brian said the issue of cybersecurity at the university keeps him on his toes, but this is nothing new. “When I was working as head of IT in one of the major private hospital groups, we had an incident with ransomware called Wanacry. One of our managers’ PC was encrypted by the hackers as she clicked on an attachment sent by email which contained some malicious code. Luckily, my office was right next to hers. I was able to run through and I saw her computer countdown times which said they were encrypting all her data on the computer unless she sent an amount in Bitcoin.

“We managed to quickly isolate her workstation and to disconnect it from the Internet, but it was too late to avoid the encryption on that workstation. However, we managed to prevent it from propagating through the network. We lost all the data on her machine, but because we had a good business continuity plan, we restored the data on her machine from our backups.”

In a humble deflection of his own vital role, Brian said: “This colleague saved the day. She followed all the awareness products we were pushing which is a major thing, as users are first and last in the line of defence. I have always placed a huge emphasis on user awareness and on campaigns to create what we call the the human firewall against cyber fraud.”

Brian, who grew up in Harare, Zimbabwe, has always been intrigued with information systems. He completed a Bachelor of Science, Honours degree in Information Systems, Diplomas in Telecoms Engineering, and Networking whilst working in various sectors. He is a Certified Information Security Manager from Information Systems Audit and Control Association (ISACA) and has since completed a range of other cybersecurity certifications and, in 2018, completed a Masters in Information Systems from the University of Cape Town.

“This is really very interesting work, as well as being very important,” he said. “In the age of digital transformation, everything is moving online and onto the cloud. It’s exciting to be part of this huge transformation and to educate users on best practices.

“Of course it keeps me up at night,” he said, of his role at Stellenbosch University. “But thankfully, our current chief director of IT has prioritised cybersecurity at the campus. We both recognise how important it has become in today’s world, especially for universities relying on remote working which was necessitated by the pandemic.”

He said the IT division is assessing the findings of the university’s audit into cybersecurity and is now working on implementing the recommendations from the report so as to strengthen their security and control in the digital sphere.

Brian said he tries to keep up to speed on cybercrimes, locally and internationally. “Recently, Uber was hacked. There were data breaches, and the matter is still under investigation. Each incident teaches us lessons. We learn how they were compromised, what their vulnerabilities were – and we compare this with ourselves. We ask ourselves, ‘if this happened to us would we be able to defend ourselves?”

He also cited numerous recent articles on the subject of cybersecurity, particularly in higher education. Part of his job, he said, is to keep up to speed on all developments in cyber fraud, which involves reading research, articles and journals on the subject. During the interview, he gave figures and case studies from various studies, including the Bank of America, Checkpoint, Sophos and Verizon.

“For example, the IT security company, Sophos recently published its report, The State of Ransomware in Education 2022 in which they gave insights into the ‘ever more challenging attack environment’ in which the education sector finds itself,” he said.

“Key findings are that ransomware attacks on education have increased – 64 percent in higher education were hit in 2021. Education is the sector least able to stop data being encrypted in an attack – higher education reported the highest data encryption rate of all sectors at 74%.

“The study also found that … education has below average cyber insurance coverage rates – only 78% of education organisations have cyber insurance coverage against ransomware compared with the global average of 83%. Many education organisations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance.”

Cybersecurity should be a priority project for SU, Brian said. “So much could go wrong when a university is targeted. For example, when data breaches happen with student admissions and other personal data, a university can be fined by the regulator in terms of the POPI act. If our systems are compromised, the university could be forced to pay a breach fine of up to R10 million – or ten years in jail.

“We need to be always searching for the gaps. Hackers work 24/7 and always come up with new ways to compromise and breach systems for corporate espionage, financial gain, or national security espionage. We have to keep abreast with what’s happening in the world as it filters back to us.

“I’m so glad that SU’s senior management has bought into the importance of cybersecurity. To have an organisation with a chief director of IT who gives her full support – from budgetary support to moral support – on the importance of cybersecurity is hugely valuable.”

Image credit: Thomaguery; Getty

 

 

 

 

 

 

Email

Posted in General, News, Security | Comments Off on Risks of cybersecurity have become massive in higher education sector globally

« Older Entries
 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.