Hear from the Head of IT Security at one of Singapore’s top universities about the state of cyber in education

Many are unaware of just how challenging it is to run cybersecurity in a university, according to Ang Leong Boon, Head of IT Security at the National University of Singapore (NUS).

Unlike other organisations, educational institutions often have to keep IT environments relatively open in order to facilitate research, learning and teaching. 

Ang points to the example of financial institutions, which are often able to restrict administrator access to its employees to prevent them from downloading external applications and software onto company devices. 

But institutes of higher learning (IHLs) cannot do the same, as it would mean having to invest additional manpower costs to help faculty and research staff install customised software for their work. “It’s just not feasible,” he says. 

This alone poses a large risk for IHLs, as every one of these exposed endpoints would be a big cyber risk. “Imagine that you could install any software, which means that anyone taking over your machine and hacking your machine could also install any software,” Ang highlights.

Zero trust and a culture-based approach

It is with this in mind that the education sector places such a great emphasis on zero trust and a culture-based approach to cybersecurity, according to Ang. 

“Zero trust has been the founding principle of our IT environment…since before it became a buzzword,” Ang says. This is an approach where users have their identity and authorisation level verified each time they access an organisation’s network, system or application. If an unauthorised access is detected, the user is then blocked. 

“What’s interesting from the education environment perspective is that we have had zero trust since day one because we are well aware that humans are the weakest links in the cybersecurity chain,” he adds. 

Likewise, Ang emphasises the need for a culture-based approach, where IHLs need to convince various demographics to adopt security as part of their everyday lives. “It’s no longer the IT department or the security team saying that we must do this…it has to come from within,” he says. 

“Everyone needs to think, ‘I'm doing this because I'm protecting my own machine and protecting my own data’,” he explains. 

Hear more from Ang on how he strives to promote a culture of cybersecurity in NUS and on other key challenges faced by IHLs at GovInsider’s upcoming in-person event – Deep Dive into the Zero Trust Approach for Cyber in Education, happening on 29 March, Wednesday, 9.30 am to 1 pm.