Since the escalation to armed conflict, we have seen an increase in cyber attacks globally.  Whilst in the main, these have been targeted at Ukraine financial, military and critical infrastructure, there is a very real threat that this will spill over to the rest of the world.

The international hacking group – Anonymous, has declared ‘cyber war’ on Russia and has invited anybody to join in.  The likelihood is they will provide them with guidance and tools to attack the Russian infrastructure.  The call has also gone out from Ukrainian officials with an offer of payment for services.

However, the likelihood that 100% of these recruits are committed to the cause is dubious.  To date, there’s an estimated 250,000 ‘hackers’ registered globally to take advantage of the offer.  A lot of these are likely to be based in Australia and could use these newfound skills and tools to attack others including Australian based institutions.

Russia has, of course, responded with their own threats.  Apart from their state sponsored cyber unit, the Russian ransomware gang – Conti, has said they will respond to any cyber-attack by targeting any country from which it was launched.  This puts Australia in the frame for increased cyber attacks focussed on critical infrastructure, of which further education and research is a part.  As a result, we can expect to see an increase in activity that UNE need to prepare for, both as an organisation and as individuals.

To tighten UNE’s security posture we are calling on UNE staff and affiliates to maintain heightened awareness regarding the increased threats to the university.

It’s worth noting how valuable university information is.  Apart from the personal information the university holds on all personnel, affiliates and students which must be protected by law, the financial information and the strategic planning information, there is a prodigious amount of research data that would have value to others.  This has been generated as a result of research projects sponsored by government or private industry.  Loss, theft, unavailability or damage to the integrity of this information could have a massive impact on UNE such as:

  • Potential loss of revenue if the information is used to manufacture products affecting competitive advantage;
  • Loss of credibility for UNE as a result of the inability to protect the sponsors and the researchers’ intellectual property;
  • Failure of state sponsored strategic initiatives;
  • Potential impact on UNE’s ranking if original research papers are not published;
  • Increased risk to UNE’s ability to achieve its business objectives;
  • Increased risk of critical decisions being made based on flawed and / or incomplete information.

In lieu of a formal scheme which will help each person to formally ‘classify’ their research data and information, it is essential each person takes a view on the value of their work and acts accordingly.  For example, the following questions should be asked:

  • Can I easily recreate the data if it is lost or corrupted?
  • What is the commercial value of the information on the open market?
  • What will the sponsoring company or government department stand to lose in terms of investment and loss of strategic research?
  • What would UNE lose in reputational damage?
  • What would I, as an individual researcher, lose in terms of reputation if someone else published your research?

These answers will help to contextualise the value of your research and set parameters around the cost of cyber security.   Specifically, to minimise the risk of data loss or corruption, it is essential that relevant research data is backed up to the appropriate UNE approved repository. 

As always, we are reliant on people being vigilant and reporting suspicious activity on their systems to servicedesk@une.edu.au, +61 (2) 67735000.  Suspicious activity may include:

  • Phishing emails – unexpected emails requesting information or encouraging you to click on an embedded link;
  • Suspicious phone calls or text messages – if they aren’t expected, hang-up or block the texts;
  • Loss of data or inability to access a system;
  • Unexpected changes to your account details.

If you haven’t already, we would encourage you to visit the UNE Cybersecurity page and undertake the UNE Cyber Security Awareness training.

Thanks for your support in helping us maintain the cyber security integrity of UNE.