NSW universities have been told to improve their cyber security processes after the state’s auditor-general found “a significant under reporting of incidents”.
The NSW audit office today released its annual audit of the tertiary sector, which identified a number of common cyber security issues across the state’s ten universities.
It found “opportunities to improve cyber security controls and processes to reduce risks, including [those] relating to financial loss, reputational damage and breaches of privacy laws”.
Most worryingly, only two of the ten universities audited were formally training staff in cyber awareness.
Only half the universities were found to maintain a register of cyber incidents.
“Of those universities that did register cyber incidents, between three to 100 incidents were acknowledged during 2017,” the audit states.
“The range of reported incidents at universities … indicates a significant under reporting of incidents.”
Four universities did not test cyber resilience in 2017, while three had no recovery plan in place following a cyber attack.
Three had also not considered the potential impacts of cyber…