Helping defend against cyber attacks

In another step forward for cyber security at ACU, the new Security Operations Centre (SOC), a ‘mission control’ for threat monitoring, goes live this week.

Universities are large targets for cyber criminals: they store lots of sensitive personal or research data and intellectual property, and are increasingly reliant on technology to support learning, teaching, and operations.

According to a recent study by cyber threat intelligence provider Check Point Research, the Australian education sector saw a 17 per cent increase in cyber attacks in 2021. Given that cyber criminals spend an average of 56 days snooping around for weaknesses or vulnerabilities, that means a lot of time and attention is being directed at finding ways into our systems, and the methods are getting sneakier.

Along with the email monitoring system explored in last week’s Staff Bulletin article ‘What happens when you click the Report Email button’, ACU IT this week goes live with a Security Operations Centre (SOC) provided by AARNet.

A Security Operations Centre is a type of ‘mission control’ for cyber security threat monitoring. Logs of ACU’s activities (like breadcrumbs that record digital actions a user has taken such as accessing email, Banner, Staff/Student Connect) are funneled into one central location, where world-class artificial intelligence scans the logs for patterns or known threats. The results are then sent to a team of highly-skilled analysts who can rapidly alert ACU and provide advice and support to remediate the issue – ideally before it becomes a real problem. The SOC may also highlight insecure practices, leading to proactive intervention and stronger cyber security defenses.

AARNet, a not-for-profit industry resource initiated by the Council of Australasian University Directors of Information Technology (CAUDIT), is uniquely positioned to provide tailored cyber security support for the higher education sector. They are highly attuned to sector-specific threats and can identify associated patterns and alert the university community if a threat is detected. Additionally, AARNet servers are located in Australia so our data remains on-shore and is subject to Australian privacy laws. ACU is a member of CAUDIT.

The SOC comes into operation this week, when AARNet staff will spend time baselining or learning normal behaviours for ACU so they can identify anomalies in the future. IT staff have been working to set up a single collection point for the logs to create a large pool of information, configuring systems to send logs to the collection point, providing information to AARNet, and attending training.

Thanks to Andrew Joma, Namir Kasim, Mark Laffan, and Wenyun Ji from the IT Directorate for their work to set up this vital cyber security resource for ACU.

Join the Cyber Security Workplace group for up-to-date news and information on cyber security from our ACU cyber security experts.
