Comment by Interim Vice-Chancellor, Professor Simon Evans

Any doubt about the need for strong cybersecurity, at work and in our private lives, should have been dispelled by the high-profile hacks of Australian companies over the past few weeks.

The recent Medibank hack, in particular, demonstrated how a breach in enterprise defences has consequences for individuals. The Medibank hackers, failing to get the ransom they demanded for the data they stole relating to 9.7 million customers, dumped the information on the “dark web”. Overnight, the online security of millions of households became at risk of cyber-crime.

The hacks on Medibank, and Optus before it, prompted UNE’s cybersecurity team to accelerate the already-planned rollout of Multi-Factor Authentication (MFA).

Multi-Factor Authentication uses your mobile phone to confirm that it is you who is logging into your UNE account. That means your account can’t be accessed by someone (or something) that has identified your password – and if there is an illicit attempt to access your account, you will be notified of it on your phone. Microsoft has found MFA blocks 99.9% of automated cyberattacks.

By now, all colleagues should have received an invitation email from Duo Security (no-reply@duosecurity.com) containing instructions on how to enrol in MFA.  Enrolling will be mandatory a requirement for access to UNE staff accounts from 6 December 2022.

More information and FAQs about MFA are available here. I found that enrolling for MFA was the work of a minute or two, and that there is little friction in using the system.

MFA is just one brick in UNE’s cybersecurity wall. It is no exaggeration to say that the University, along with every other large organisation, is constantly under cyber-siege — and is constantly enhancing its defences against the evolving threat. Over one 30-day period, UNE’s defences blocked more than 14,000 spam emails, 750 malware programs, 167 malicious processes, 26 malicious links, 17 untrusted executables and prevented 171 credential thefts. Eight worms were detected and contained, and one high-risk code injection was blocked.

Phishing attacks alone have risen by more than 60% over the past year, with more than a million phishing messages sent to UNE staff.

As UNE works to strengthen its cyber-defences, I urge colleagues to strengthen their own. For digital criminals, poor personal digital habits can be the vulnerability used to crack open an entire organisation. Then, as we have seen in the case of recent well-publicised attacks, it is not just one person at risk, but many.