Comment by Interim Vice-Chancellor, Professor Simon Evans
Any doubt about the need for strong cybersecurity, at work and in our private lives, should have been dispelled by the high-profile hacks of Australian companies over the past few weeks.
The recent Medibank hack, in particular, demonstrated how a breach in enterprise defences has consequences for individuals. The Medibank hackers, failing to get the ransom they demanded for the data they stole relating to 9.7 million customers, dumped the information on the “dark web”. Overnight, the online security of millions of households became at risk of cyber-crime.
The hacks on Medibank, and Optus before it, prompted UNE’s cybersecurity team to accelerate the already-planned rollout of Multi-Factor Authentication (MFA).
Multi-Factor Authentication uses your mobile phone to confirm that it is you who is logging into your UNE account. That means your account can’t be accessed by someone (or something) that has identified your password – and if there is an illicit attempt to access your account, you will be notified of it on your phone. Microsoft has found MFA blocks 99.9% of automated cyberattacks.
By now, all colleagues should have received an invitation email from Duo Security (no-reply@duosecurity.com) containing instructions on how to enrol in MFA. Enrolling will be mandatory a requirement for access to UNE staff accounts from 6 December 2022.
More information and FAQs about MFA are available here. I found that enrolling for MFA was the work of a minute or two, and that there is little friction in using the system.
MFA is just one brick in UNE’s cybersecurity wall. It is no exaggeration to say that the University, along with every other large organisation, is constantly under cyber-siege — and is constantly enhancing its defences against the evolving threat. Over one 30-day period, UNE’s defences blocked more than 14,000 spam emails, 750 malware programs, 167 malicious processes, 26 malicious links, 17 untrusted executables and prevented 171 credential thefts. Eight worms were detected and contained, and one high-risk code injection was blocked.
Phishing attacks alone have risen by more than 60% over the past year, with more than a million phishing messages sent to UNE staff.
As UNE works to strengthen its cyber-defences, I urge colleagues to strengthen their own. For digital criminals, poor personal digital habits can be the vulnerability used to crack open an entire organisation. Then, as we have seen in the case of recent well-publicised attacks, it is not just one person at risk, but many.
Hi there
Cybersecurity defence is an issue of great importance at UNE.
Can I point out though that you don’t have to use your personal mobile phone to undertake MFA at UNE if you don’t want to – a token is available from ITD that works just as well.
I’ll be using the latter method because I like to keep my personal phone personal, unconnected to my workplace.
I’ll be getting my token shortly.
Melissa Parsons
HASS
Who or what is Duo and why is it not mentioned in the bit of the IVC statement that occurs above the fold?
Hi Iain, you can learn more about Duo in an article from UNE’s IT Services: https://www.une.edu.au/staff-current/staff-services/it-services/security/multi-factor-authentication
Hi Iain, you can learn more about Duo in an article from UNE’s IT Services: https://www.une.edu.au/staff-current/staff-services/it-services/security/multi-factor-authentication