NSW Education’s current hack exposes the cybersecurity lessons not learned

Details of Australia attack are sparse but timing suggests opportunistic cybercriminals targeted agencies struggling to meet security requirements.

security school education binary code classroom by skynesher getty
Skynesher / Getty / Thinkstock

It came at perhaps the worst time imaginable, but the 8 July 2021 hack of Australia’s largest education system will have been no surprise to government auditors that have spent years urging the education sector to adopt better cybersecurity practices.

Cyberattack forces shutdown of NSW school systems

Just as it was racing to reintroduce remote learning with just a few days’ notice from a government scrambling to contain New South Wales’s exploding COVID-19 outbreak, the NSW Department of Education (DoE) was crippled by a cyberattack that forced it to shut down a broad range of key systems.

NSW DoE took numerous systems offline in response to the attack—which came just two days after DoE asked schools to be ready to implement home learning at short notice. Teachers were left unable to accessa range of learning resources, the department’s online portal, and even collaboration tools like Zoom.

Acknowledging that “the timing of this creates considerable challenges for staff as we prepare for the start of Term 3,” NSW Education secretary Georgina Harrisson said technical teams at the department—which manages delivery of primary and secondary education to more than 1.2 million students at more than 3,100 government schools across the expansive state—“have been able to isolate the issues and we are working to reactivate services as soon as possible”.

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.