Date:
10 November 2021
Author:
Alfred Deeb

Cyber threats for Australia’s higher education sector

Earlier this year, the Tertiary Education Quality and Standards Agency (TEQSA) released a cyber threat alertExternal Link detailing malicious code from commercial cheating providers. Researchers in the US had found four types of malicious code on Australian university sites:

  • Search redirects — redirecting students to cheating service websites

  • Content links — adding links to cheating service websites on university websites

  • Comments — adding comments to discussion forums with links to cheating service websites

  • Fake contests — fake scholarship and essay contests added to university websites to get original student work and then resell it

TEQSA urged all higher education institutions to take specific cyber security actions. These actions included checking their websites for malicious code, putting in place mitigation strategies and educating students and academics on the importance of academic integrity.

The TEQSA alert included links to the Australian Cyber Security CentreExternal Link (ACSC) and its advice on assessing security vulnerabilities and applying patchesExternal Link . Patching is part of the ASCS’s essential eight for cyber security.

Security patching

Website security patches provide protection against known (usually new) threats by ‘patching’ the code to protect against the problem/threat. Website security patches are an essential part of ensuring your site is secure.

The ACSC’s advice on security patchesExternal Link includes recommended time frames — from release of the patch to when you should apply the patch to your site. You can find out more about patching on Salsa’s patching page.

Other ways to protect your websites from cyber threats

In addition to actioning patches in a timely manner, there are several other things you can do to protect your website. For example:

  • Use a static copy of your site for the frontend (e.g. QuantCDN)

  • Use Drupal Steward

  • Make sure your site is hosted on a secure hosting service

QuantCDN

QuantCDN generates and serves a static version of your website to your audience. The Quant technology sits between your website and your visitors. This significantly reduces the attack surface because users interact with a static representation of your content, not the frontend of your live content management system (CMS). More about QuantCDNExternal Link

Drupal Steward

Drupal Steward is a fully managed web application firewall service. The globally distributed service provides immediate, affordable protection for websites that significantly reduces the risk between the time security vulnerabilities are discovered and the time your website is patched. More about Drupal Steward

Secure hosting service

Ensuring your website is hosted on a secure platform is also an important risk mitigation strategy. For government platforms like the national GovCMS platform and Victoria’s Single Digital Presence, security is already a key deliverable. These platforms undergo a rigorous security assessment — read our blog on IRAP security certification for GovCMS as an example.

When choosing a hosting service, make sure you’re across its security measures. Salsa has just launched a dedicated, secure hosting platform for our clients. We’re currently bringing clients onto the hosting service, including one of Australia’s leading universities.

Salsa Digital’s take

Cyber attacks are on the rise, in part due to accelerated digital adoption during Covid (see the ACSC Annual Cyber Threat Report 2020-21External Link for more information). Many governments are aware of these risks and are/have proactive and ongoing measures to keep on top of such threats. Now it's the higher education sector’s turn to be more proactive and guard against cyber threats. We’re looking forward to helping our higher education clients and the sector in general secure their sites.