Cyber threats for Australia’s higher education sector
Earlier this year, the Tertiary Education Quality and Standards Agency (TEQSA) released a cyber threat detailing malicious code from commercial cheating providers. Researchers in the US had found four types of malicious code on Australian university sites:
Search redirects — redirecting students to cheating service websites
Content links — adding links to cheating service websites on university websites
Comments — adding comments to discussion forums with links to cheating service websites
Fake contests — fake scholarship and essay contests added to university websites to get original student work and then resell it
TEQSA urged all higher education institutions to take specific cyber security actions. These actions included checking their websites for malicious code, putting in place mitigation strategies and educating students and academics on the importance of academic integrity.
The TEQSA alert included links to the Australian Cyber Security (ACSC) and its advice on assessing security vulnerabilities and applying . Patching is part of the ASCS’s essential eight for cyber security.
Security patching
Website security patches provide protection against known (usually new) threats by ‘patching’ the code to protect against the problem/threat. Website security patches are an essential part of ensuring your site is secure.
The ACSC’s advice on security includes recommended time frames — from release of the patch to when you should apply the patch to your site. You can find out more about patching on Salsa’s patching page.
Other ways to protect your websites from cyber threats
In addition to actioning patches in a timely manner, there are several other things you can do to protect your website. For example:
Use a static copy of your site for the frontend (e.g. QuantCDN)
Use Drupal Steward
Make sure your site is hosted on a secure hosting service
QuantCDN
QuantCDN generates and serves a static version of your website to your audience. The Quant technology sits between your website and your visitors. This significantly reduces the attack surface because users interact with a static representation of your content, not the frontend of your live content management system (CMS). More about
Drupal Steward
Drupal Steward is a fully managed web application firewall service. The globally distributed service provides immediate, affordable protection for websites that significantly reduces the risk between the time security vulnerabilities are discovered and the time your website is patched. More about Drupal Steward
Secure hosting service
Ensuring your website is hosted on a secure platform is also an important risk mitigation strategy. For government platforms like the national GovCMS platform and Victoria’s Single Digital Presence, security is already a key deliverable. These platforms undergo a rigorous security assessment — read our blog on IRAP security certification for GovCMS as an example.
When choosing a hosting service, make sure you’re across its security measures. Salsa has just launched a dedicated, secure hosting platform for our clients. We’re currently bringing clients onto the hosting service, including one of Australia’s leading universities.
Salsa Digital’s take
Cyber attacks are on the rise, in part due to accelerated digital adoption during Covid (see the ACSC Annual Cyber Threat Report for more information). Many governments are aware of these risks and are/have proactive and ongoing measures to keep on top of such threats. Now it's the higher education sector’s turn to be more proactive and guard against cyber threats. We’re looking forward to helping our higher education clients and the sector in general secure their sites.