In today’s rapidly evolving digital landscape, Australian universities and hospitals present attractive targets for cybercriminals. As cyberthreats become more sophisticated, especially with the advent of AI-powered attacks, it is imperative that everyone in the University and Hospital community plays a role in protecting sensitive data and critical systems.

Below I lay out some important information about this area and urge everyone to complete the training module available in Workday so we are all as well prepared as we can be to prevent cybersecurity breaches.

---

Most common cybersecurity risks to Macquarie

Phishing

Among the most common cybersecurity threats are phishing attacks. Crafty cybercriminals employ social engineering tactics, often sending deceptive emails with references to specific University executives and luring unsuspecting recipients into clicking malicious links or opening infected attachments. These phishing attacks are designed to collect your username and password to allow the hackers access to University systems.

Tip: You can protect yourself and the organisation by ensuring you do not click on any unsolicited link or attachment and ensuring you have multifactor authentication enabled on all your devices

Executive impersonation scams

Executive impersonation scams occur when a hacker mimics a high-level University executive with an urgent request to a staff member to purchase gift cards, access protected data, enable illegal money transfers or mislead staff. This is experienced most commonly via email, however there is an increasing occurrence of executive impersonation scams utilising social media, such as LinkedIn, Facebook and Instagram.

Tip: You can protect yourself and the organisation by reviewing the header of the email (which will reveal the sender is not genuine), reviewing the request against your knowledge of the executive and by slowing down. The hacker relies on the sense of urgency forcing the target to make a mistake.

In addition to phishing and impersonation scams, universities are targets for various other cyberthreats, including malware attacks, data breaches, and denial-of-service assaults. These threats endanger our student information, staff records, research, patient information and overall operations.

---

Our collective responsibility

The ever-evolving cybersecurity landscape underscores that defending against cyberthreats is a shared responsibility. Every member of our community must be vigilant, well informed, and proactive in safeguarding our digital assets. Here’s how you can contribute:

• Cybersecurity education

– Complete our cybersecurity training in Workday (Protecting Data and Devices – under Workday – Apps > Learning).

– Stay informed about cybersecurity in general. Knowledge is our best defence. 

• Compliance with policies

Familiarise yourself with and adhere to our University’s Cybersecurity policies and procedures. Compliance ensures that we’re all on the same page in protecting our digital domain. 

• Password security and 2FA

Use strong passwords and enable two-factor authentication (also known as multi-factor authentication) for all your online accounts. This extra layer of security helps thwart unauthorised access.

• Regular software updates

Keep your devices and software up to date. Promptly apply software updates to patch known vulnerabilities. 

• Beware of phishing

Exercise caution with emails and attachments. Do not click on links or open attachments from unknown senders. Report suspicious emails promptly via phishingemail@mq.edu.au.

• Immediate reporting

If you suspect a cyberattack, don’t hesitate. Report it to the IT helpdesk immediately. Swift action can mitigate potential damage.

---

The stark reality: Statistics speak

Consider these eye-opening statistics:

• In 2022, the Australian National University (ANU) suffered a major data breach that exposed the personal information of more than 200,000 students and staff. The breach resulted from a sophisticated phishing attack targeting staff members.
• In 2021, Melbourne Health experienced a ransomware attack that encrypted patient records and disrupted critical healthcare services. The attackers demanded a $1 million ransom, which the health network courageously refused to pay, but the incident still incurred significant costs.
• In 2022, the Australian Cyber Security Centre (ACSC) reported more than 1,000 cybersecurity incidents within the education sector, making it the most targeted sector in Australia. The healthcare sector also faced an escalating threat from cybercriminals.
• In 2023, a global ransomware attack targeted healthcare organisations in more than 70 countries, including Australia. The attackers exploited vulnerabilities in widely used medical devices, encrypting patient records and demanding ransoms. This attack showcased the vulnerability of the healthcare sector to cyberthreats.

---

A call to action

The rise of AI-based attacks and the increasing sophistication of social engineering tactics demand our unwavering attention. We must collectively act to bolster our cybersecurity defences. The safety of our universities, hospitals, and the broader Australian community depends on it. I urge all staff to complete the training module and will be asking leaders to ensure that this is happening.

Remember, this is not just an IT issue; it’s everyone’s responsibility. We are united against cyberthreats. Let’s fortify our defences and protect the University and MQ Health.