Sonicwall Midyear Banner1

Security Market Segment LS

Sonicwall Midyear2 Banner

Sonicwall Leaderboard Banner2

Thursday, 08 July 2021 22:51

NSW Department of Education victim of cyber security attack

By Staff Writer

The New South Wales Department of Education is working to recover departmental systems after becoming a victim of a cyber-security attack, with the department saying it has worked with Cyber Security NSW to reactivate services as soon as possible.

The attack hit following a directive from the state government for schools to return to remote learning.

According to the Department in response to the attack, a number of internal systems have been deactivated as a precaution and have been unavailable since late Wednesday.

NSW Education Secretary Georgina Harrisson said the Department’s priority is the safety and security of its student and staff data, and it has therefore made the precautionary decision to take some systems offline while it investigates further.

"The timing of this creates considerable challenges for staff as we prepare for the start of Term 3,” Harrisson said.

“Thankfully, our teams have been able to isolate the issues and we are working to reactivate services as soon as possible.”

Harrisson said Department of Education and Cyber Security NSW teams are working to ensure normal access is restored in time for the start of Term 3.

“I am confident we will have the issue resolved soon and want to reassure teachers and parents that there will be no impact on students learning from home next week,” Harrisson said.

"Whilst we are confident all systems will be back online before Day 1, Term 3, we are making information to support home learning available on our public website so that preparations for the start of term can continue."

Harrisson said as well as working closely with Cyber Security NSW to resolve the issue, the department has referred the matter to the NSW Police and federal agencies.

“As the matter is under investigation, it is inappropriate to make any further comment,” Harrisson concluded.

The security attacks on the NSW Department of Education drew comments from key players in the secrity sector - Barracuda Networks, LogRhythm and WatchGuard Technologies.

“The sheer amount of personal information held by education government departments, schools and universities makes them an ideal hacking target. At the same time, the substantial shift towards remote learning and e-learning has made them even more vulnerable and appealing to nefarious players,” said Mark Lukie, Sales Engineer Manager – APAC, Barracuda Networks.

“During 2020, our researchers found that educational institutions are more than twice as likely to be targeted by business email compromise (BEC) attacks than an average organisation. In fact, more than one in four spear-phishing attacks that we saw targeting the education sector was a carefully crafted BEC attack.

“Both public and private sector organisations of all sizes are susceptible to web application, volumetric attacks and ransom demands at crucial times. We believe in the benefits of cloud augmented security to help educational organisations mitigate risk against modern attacks and allow for scalability and agility. Having the appropriate technology components in place that support ongoing business and operations functionality while also ensuring core applications and data are secure is the critical challenge.”

Simon Howe, Vice President Asia Pacific Sales, LogRhythm commented: “The education sector continues to be a top target for cyberattacks. As we have witnessed over the past few months, threat actors are still at large implementing cyberattacks to gain control of vital data and bring organisations to their knees. The increased reliance on e-learning has made schools in Australia and many other countries an even bigger target of opportunity than before as the stakes are higher and worth more money. If the technology is taken down, lessons come to a complete standstill. This will likely not be the last attack targeting schools.

“More than ever, it is crucial for education departments to take a proactive approach and invest in cybersecurity solutions that automatically detect malicious behaviour and enable network infrastructure to block any further access attempts. Cybersecurity is not just for large companies and should be appropriately funded at the state and local government level to ensure that our students can continue to learn without disruption.”

“This attack shows that irrespective of the industry, people behind cyberattacks are not biased. Education providers hold a wealth of data, including sensitive intellectual property and the personal details of tens of thousands of students and staff members.,” said Anthony Daniel, Regional Director – Australia, New Zealand and Pacific Islands, WatchGuard Technologies.

“As such, they’re prime targets for hackers and cyber-criminals. Given increasing awareness and concern about cyber-crime, institutions which aren’t seen to be taking all reasonable steps to prevent their systems being compromised or hacked can expect to take a serious reputational hit, if the worst occurs.

“The NSW Department of Education seems to have done its due diligence by deactivating its system for the 21 hour period and involve the appropriate agencies. It is fortunate that it is school holidays. However, this attack has disrupted and delayed preparation of work for teachers and principals as they prepare for the new term next week.

“This shows the impact of how an attack can disrupt the day to day functions of any business, school or educational organisation. Putting aside the financial impact, this requires more human hours to rectify, delaying the required work needed to prepare for the new term, hence creating the stress for all teachers and principals.

“Our advice to parents and teachers is to ensure they have a secure network at home and if they don’t, to really look into having a robust solution implemented as students learning remotely still require a high level of security.

“Multi-Factor Authentication can help institutions protect the personal data of students and staff, irrespective of when and where they log on. A simple, easy-to-use service with convenient authentication factors, including mobile tokens, and a single sign-on capability can be deployed to protect the cloud applications, email accounts and video conferencing platforms institutions use to deliver the learning experience.”

Read 4015 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News