You are here

Working together to Strengthen Cybersecurity in University Libraries

Sam Searle
Griffith University

Background: Cybersecurity is a hot topic, climbing in 2018 to #2 in CAUDIT’s Top 10 Issues. Libraries are increasingly exposed to threats, with prominent recent examples including:

• a 3-day distributed denial of service (DDoS) attack on the Library of Congress

• ransomware attacks on PCs in US public libraries, and

• the Silent Librarian phishing campaign, which a erected 26 Australian universities. Researchers mistakenly believed their library accounts would be closed and provided log-in credentials enabling the the of research.

As few librarians are trained in key aspects of cybersecurity there is an urgent need for greater collaboration with cybersecurity professionals to accurately identify and e effectively mitigate risks. Methods: The presentation is a single-site case study of work across the library and cybersecurity teams in a large Australian university. Findings are relevant to other contexts, because of similarities in the way library applications are procured and managed and because of the limited number of vendors and products in the market.

Findings / Discussion: Griffith University’s Library Technology Services manages a portfolio of so ware applications, most of which are cloud-hosted. Applications and integrations are under increased scrutiny and we now engage more with staff from Cyber Security Services in Digital Solutions, particularly when we evaluate new applications or perform major upgrades.

Cyber Security Services offers support across three main categories: process, technology, and people. This presentation will discuss both technical and non- technical actions we are taking to uplift the Library’s overall cybersecurity maturity. Work to date highlights the Library’s need to focus on the security architecture of so ware applications, to demand more mature cybersecurity approaches from our vendors and service providers, to regularly review processes for protecting log-in credentials, and to address staff information and training needs.

While this work is essential it is also challenging, in terms of project budgets and timelines, stakeholder perceptions, and the allocation of staff resources. The presentation will discuss how library and cybersecurity professionals can work together to build capability, both at the level of individual institutions and across the sector.

(A copy of this presentation is unfortunately not available).