Get more Mail & Guardian
Subscribe or Login

UCT leads in countering cyberattacks on varsities

The recent global ransomware attack by WannaCry has reinforced awareness of everyone’s vulnerability to attack in the cyberrealm, whether it is against individuals or corporate entities.

Given that information and know-ledge are the stock in trade of universities, it’s not surprising that cybersecurity is among the top risks faced by institutions such as the University of Cape Town.

Not only do university information systems contain the names and contact details of thousands of students and staff members (including banking details for staff) but also contain other valuable information: research statistics, intellectual property and health information from medical and science labs, to name just a few examples.

All that information needs to be protected. In addition, university information systems themselves are powerful tools that hackers like to take over and use for their own illegal purposes.

The challenge for university cybersecurity is to govern security in a way that doesn’t hamper research, teaching or learning. Educational institutions require flexibility. For instance, more and more university lecturers are incorporating blended learning into their course content, when it’s appropriate.

Blended learning allows students to access learning resources for a specific course online at any time of the day. And staff members often need access to the university system when they must work away from campus, during evenings or weekends when they are at home.

This means that UCT, for instance, can have tens of thousands of users logged into its network at any time, from anywhere in the world, working at different levels of access to university information and its information system’s analytical and processing power.

UCT is the first university in South Africa to develop a cybersecurity strategy. In summary, we have followed these basic steps.

Decide on a framework

There are a host of systems available around the world. We selected the cybersecurity framework provided by the National Institute of Standards and Technology in Maryland in the United States. The framework involves five cybersecurity steps: identify, protect, detect, respond and recover.

Identify problem areas

Outside contractors can assist with this process. BitSight, for instance, provides a security ratings scorecard that is so well regarded that a good BitSight score may help to reduce cybersecurity insurance premiums.

Factors to benchmark can include the number of security incidents reported in a month or a year, cybercrime incidents, hacking incidents, software piracy, and the unauthorised use of the internal email system, to name a few.

Know where you want to go

One of our primary goals has been to raise awareness of cybersecurity and how to report security issues. In October 2015, for instance, we initiated cyber workshops.

Building awareness has been a key achievement and we have been rewarded by a good response from UCT staff and students, who are keen to bring suspicious emails and other security issues to our attention.

Other milestones include allocating a significant cybersecurity budget, establishing South Africa’s first university-based computer security incident response team with technical expertise, developing the country’s first cyber and information security policies for a university, and training 80 staff members in basic cybersecurity.

Identify barriers to plan

Among the barriers is the matter of university policy taking years to be written, revised and finally passed. Budgets have to be adjusted to accommodate the costs of cybersecurity, including possibly upgrading technology.

An early barrier can be cultural: making people aware of the need for cybersecurity. In spite of the many news reports about cyberattacks, hacking, phishing scams and banks that have lost depositors’ funds because of cybercrime, many people remain unaware of the risks.

Measure the plan’s success

UCT measures the number of things, including phishing emails, that are reported, such as virus attacks, attacks on the web server, reports of spam, incidents of suspected criminal activity, and malicious code and malware activity. We also have the ability to measure our suppliers for similar factors.

Other South African universities have been keen to learn more about creating a cybersecurity strategy, and we have been communicating with them. Last year, information technology staff from several universities attended a two-day workshop at UCT led by a Canadian cybersecurity specialist.

Like every other South African university, UCT belongs to the Association of South African University Directors of Information Technology (Asaudit), which provides a platform for sharing know-ledge and opportunities for networking, engagement and collaboration.

We have been asked to make a presentation at the national Asaudit technology event in June. UCT and Dimension Data will run the first Cybersecurity Symposium Africa from July 17 to 19. For more information, visit

Sakkie Janse van Rensburg is the executive director for information and communication technology systems at the University of Cape Town

Subscribe for R500/year

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and get a 57% discount in your first year.

Van Rensburg
Guest Author

Related stories


If you’re reading this, you clearly have great taste

If you haven’t already, you can subscribe to the Mail & Guardian for less than the cost of a cup of coffee a week, and get more great reads.

Already a subscriber? Sign in here


Subscribers only

DA’s egregious sexual harassment case finally begins

The party is accused of protecting a councillor, who’s also implicated in R1.2m graft

The ANC, DA and EFF ‘oblivious’ to climate crisis —...

The Climate Justice Charter Movement has critiqued the manifestos of the main parties contesting the local government elections and found them ‘shallow’

More top stories

R1.5-billion in funding approved for riot-hit businesses

Agencies emphasise that speed is crucial to rescuing firms affected by July’s unrest

DA’s egregious sexual harassment case finally begins

The party is accused of protecting a councillor, who’s also implicated in R1.2m graft

Mkhwebane will not oppose Mabuyane’s application to interdict remedial action

In papers filed on Tuesday, Mkhwebane said that she would abide by the court’s decision in the matter.

The ANC, DA and EFF ‘oblivious’ to climate crisis —...

The Climate Justice Charter Movement has critiqued the manifestos of the main parties contesting the local government elections and found them ‘shallow’

press releases

Loading latest Press Releases…