{"id":15850,"date":"2022-10-24T11:10:58","date_gmt":"2022-10-24T09:10:58","guid":{"rendered":"https:\/\/blogs.sun.ac.za\/it\/?p=15850"},"modified":"2022-10-24T20:10:45","modified_gmt":"2022-10-24T18:10:45","slug":"risks-of-cybersecurity-have-become-massive-in-higher-education-sector-globally","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2022\/10\/risks-of-cybersecurity-have-become-massive-in-higher-education-sector-globally\/","title":{"rendered":"[:en]Risks of cybersecurity have become massive in higher education sector globally[:]"},"content":{"rendered":"<p>[:en]<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-15904 size-full\" src=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/Untitled-design-3.png\" alt=\"hacker phishing scam\" width=\"1640\" height=\"924\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/Untitled-design-3.png 1640w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/Untitled-design-3-300x169.png 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/Untitled-design-3-500x282.png 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/Untitled-design-3-768x433.png 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/Untitled-design-3-1536x865.png 1536w\" sizes=\"auto, (max-width: 1640px) 100vw, 1640px\" \/><\/p>\n<p>Universities around the world are facing ever increasing cybersecurity risks, particularly in the post-pandemic world \u2013 and Stellenbosch University is not immune to these threats. 
Even before Covid-19 struck, higher education institutions were already gathering vast amounts of data from students and staff \u2013 and now, with more hybrid and remote offerings, requiring even more information, the risks of cybersecurity have become massive.<\/p>\n<p>The risks for these data rich institutions are wide ranging and include ransomware attacks, business email compromises, data and privacy breaches, as well as adversary-in-the-middle attacks, said Brian Mhembere, the Cybersecurity and Technology Risk Specialist in the ICT division at Stellenbosch University.<\/p>\n<p>Brian, who has a background in IT in the banking, mining, health and financial services sectors, has seen and heard it all when it comes to cybercrimes. With his finger on the pulse of global cyber trends, and with first-hand experience of the havoc that cyber fraud can create, he has, in the past, been asked to share his expertise in interviews on television and on radio. He was even interviewed on the 8pm news on ETV ahead of Black\u00a0Friday, where he warned South Africans of all that can go wrong when shopping online.<\/p>\n<p>Now, as a key cyber \u201csleuth\u201d at Stellenbosch University, he\u2019s determined to ensure that the valuable student and research data stay safe.<\/p>\n<p>\u201cThere have been a lot of data breaches in higher education institutions mainly through phishing attacks \u2013 attacks aimed at compromising personal identifiable data or to reveal personal sensitive information like credit card numbers, bank information or passwords,\u201d he said in an interview.<\/p>\n<p>Brian explained that ransomware attacks take place when a cybercriminal threatens to use technology to either publish or permanently block a victim\u2019s personal data unless a ransom is paid.\u00a0A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.<\/p>\n<p>An 
adversary-in-the-middle attack is when an adversary intercepts communication channels between two components, with the aim of either altering the message or data, or compromising the integrity of the data a person is trying to transmit, with the result that the message reaches the intended recipient with altered information or configuration.<\/p>\n<p>Brian was responsible for the recent cybersecurity maturity assessment and report on cybersecurity at the campus. The analysis was done using the ISO27001 standard and the National Information Security Technology (NIST) cyber-security framework, which uses a Capability Model Maturity (CMM) tool to analyse where the weaknesses lie in the whole IT environment. The CMM tool guides the analysis of the entire IT environment with controls mapping and scoring exposing gaps, in accordance with the ISO\/IEC27001 standards.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-16009 size-full\" src=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-10.png\" alt=\"\" width=\"1637\" height=\"453\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-10.png 1637w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-10-300x83.png 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-10-500x138.png 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-10-768x213.png 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-10-1536x425.png 1536w\" sizes=\"auto, (max-width: 1637px) 100vw, 1637px\" \/><\/p>\n<p>\u201cThe report did not find anything out of trend with most universities around the world,\u201d Brian said. \u201cOur university falls in line with the current state of\u00a0cybersecurity maturity of most other South African universities. There is still some work to be done to improve the cybersecurity of all these institutions. 
Our maturity is very low compared to universities in the UK and America, but better than that in some other countries in Africa.\u201d<\/p>\n<p>He said the audit was conducted during April and\u00a0May 2022\u00a0and the report has not yet been published or made public.<\/p>\n<p>\u201cEven if we knew the findings, we would not make them public, because anyone who reads this article would know what our weaknesses are,\u201d he said. \u201cEven if SU had ever had an attack, we would not speak about it in the public domain. There have been attempts but we are able to monitor and protect most attacks.\u201d<\/p>\n<p>Brian said the issue of cybersecurity at the university keeps him on his toes, but this is nothing new. \u201cWhen I was working as head of IT in one of the major private hospital groups, we had an incident with ransomware called WannaCry. One of our managers\u2019 PCs was encrypted by the hackers as she clicked on an attachment sent by email which contained some malicious code. Luckily, my office was right next to hers. I was able to run through and I saw her computer countdown times which said they were encrypting all her data on the computer unless she sent an amount in Bitcoin.<\/p>\n<p>\u201cWe managed to quickly isolate her workstation and to disconnect it from the Internet, but it was too late to avoid the encryption on that workstation. However, we managed to prevent it from propagating through the network. 
We lost all the data on her machine, but because we had a good business continuity plan, we restored the data on her machine from our backups.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-16015 size-full\" src=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-11.png\" alt=\"\" width=\"1634\" height=\"437\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-11.png 1634w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-11-300x80.png 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-11-500x134.png 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-11-768x205.png 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-11-1536x411.png 1536w\" sizes=\"auto, (max-width: 1634px) 100vw, 1634px\" \/><\/p>\n<p>In a humble deflection of his own vital role, Brian said: \u201cThis colleague saved the day. She followed all the awareness products we were pushing which is a major thing, as users are first and last in the line of defence. I have always placed a huge emphasis on user awareness and on campaigns to create what we call <em>the human firewall<\/em> against cyber fraud.\u201d<\/p>\n<p>Brian, who grew up in Harare, Zimbabwe, has always been intrigued with information systems. He completed a Bachelor of Science, Honours degree in Information Systems, Diplomas in Telecoms Engineering, and Networking whilst working in various sectors. He is a Certified Information Security Manager from Information Systems Audit and Control Association (ISACA) and has since completed a range of other cybersecurity certifications and, in 2018, completed a Masters in Information Systems from the University of Cape Town.<\/p>\n<p>\u201cThis is really very interesting work, as well as being very important,\u201d he said. \u201cIn the age of digital transformation, everything is moving online and onto the cloud. 
It\u2019s exciting to be part of this huge transformation and to educate users on best practices.<\/p>\n<p>\u201cOf course it keeps me up at night,\u201d he said, of his role at Stellenbosch University. \u201cBut thankfully, our current chief director of IT has prioritised cybersecurity at the campus. We both recognise how important it has become in today\u2019s world, especially for universities relying on remote working which was necessitated by the pandemic.&#8221;<\/p>\n<p>He said the IT division is assessing the findings of the university\u2019s audit into cybersecurity and is now working on implementing the recommendations from the report so as to strengthen their security and control in the digital sphere.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-16018 size-full\" src=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-12.png\" alt=\"\" width=\"1632\" height=\"377\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-12.png 1632w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-12-300x69.png 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-12-500x116.png 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-12-768x177.png 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-12-1536x355.png 1536w\" sizes=\"auto, (max-width: 1632px) 100vw, 1632px\" \/><\/p>\n<p>Brian\u00a0said he tries to keep up to speed on cybercrimes, locally and internationally. \u201cRecently, Uber was hacked. There were data breaches, and the matter is still under investigation. Each incident teaches us lessons. We learn how they were compromised, what their vulnerabilities were &#8211; and we compare this with ourselves. We ask ourselves, \u2018if this happened to us would we be able to defend ourselves?\u201d<\/p>\n<p>He also cited numerous recent articles on the subject of cybersecurity, particularly in higher education. 
Part of his job, he said, is to keep up to speed on all developments in cyber fraud, which involves reading research, articles and journals on the subject. During the interview, he gave figures and case studies from various studies, including the Bank of America, Checkpoint, Sophos and Verizon.<\/p>\n<p>\u201cFor example, the IT security company, Sophos recently published its report, The State of Ransomware in Education 2022 in which they gave insights into the \u2018ever more challenging attack environment\u2019 in which the education sector finds itself,\u201d he said.<\/p>\n<p>\u201cKey findings are that ransomware attacks on education have increased \u2013 64 percent in higher education were hit in 2021. Education is the sector least able to stop data being encrypted in an attack \u2013 higher education reported the highest data encryption rate of all sectors at 74%.<\/p>\n<p>\u201cThe study also found that \u2026 education has below average cyber insurance coverage rates \u2013 only 78% of education organisations have cyber insurance coverage against ransomware compared with the global average of 83%. Many education organisations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance.\u201d<\/p>\n<p>Cybersecurity should be a priority project for SU, Brian said. \u201cSo much could go wrong when a university is targeted. For example, when data breaches happen with student admissions and other personal data, a university can be fined by the regulator in terms of the POPI act. 
If our systems are compromised, the university could be forced to pay a breach fine of up to R10 million \u2013 or ten years in jail.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-16021 size-full\" src=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-13.png\" alt=\"\" width=\"1636\" height=\"395\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-13.png 1636w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-13-300x72.png 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-13-500x121.png 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-13-768x185.png 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2022\/10\/IT-Blog-Images-13-1536x371.png 1536w\" sizes=\"auto, (max-width: 1636px) 100vw, 1636px\" \/><\/p>\n<p>\u201cWe need to be always searching for the gaps. Hackers work 24\/7 and always come up with new ways to compromise and breach systems for corporate espionage, financial gain, or national security espionage. We have to keep abreast with what\u2019s happening in the world as it filters back to us.<\/p>\n<p>\u201cI\u2019m so glad that SU\u2019s senior management has bought into the importance of cybersecurity. To have an organisation with a chief director of IT who gives her full support \u2013 from budgetary support to moral support \u2013 on the importance of cybersecurity is hugely valuable.\u201d<\/p>\n<p><em>Image credit: Thomaguery; Getty<\/em><\/p>\n<p>[:]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[:en] Universities around the world are facing ever increasing cybersecurity risks, particularly in the post-pandemic world \u2013 and Stellenbosch University is not immune to these threats. 
Even before Covid-19 struck, higher education institutions were already gathering vast amounts of data from students and staff \u2013 and now, with more hybrid and remote offerings, requiring even [&hellip;]<\/p>\n","protected":false},"author":11479,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49,3256,29187],"tags":[],"class_list":["post-15850","post","type-post","status-publish","format-standard","hentry","category-general","category-news","category-security-2"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 03:16:50","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/15850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/11479"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=15850"}],"version-history":[{"count":8,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/15850\/revisions"}],"predecessor-version":[{"id":16027,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/15850\/revisions\/16027"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=15850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=15850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=15850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}