Securing Our Future: Adaptive Frameworks for Threat Management in Education and Healthcare

As security threats continue to evolve, the tertiary and healthcare sectors must continue to tailor and enhance their security measures to address their unique and evolving challenges effectively. These institutions face complex security and safety vulnerabilities that demand advanced, multi-faceted risk mitigation strategies. 

Personal safety 

Personal safety and security are a concern for institutions, requiring a comprehensive approach to protect their human assets. To effectively safeguard staff, students, and visitors, institutions must address the vulnerabilities of their people. This involves implementing proactive strategies for early threat detection and harm minimisation, leveraging physical, technical, and cultural security measures. By focusing on these areas, institutions can create a safer and more secure environment to mitigate potential security threats and risks before they escalate. 

Response planning 

The violent attack at the Australian National University (ANU) highlighted the importance of having a well-prepared response plan and robust personal security measures. While early detection may not have been feasible due to the attacker’s mental instability, and unplanned nature of the attack, the incident underscores the need for comprehensive strategies to manage and respond to such critical situations effectively. Similarly, an incident at a South Australian regional hospital underscored the urgent need for enhanced security protocols to protect healthcare staff from violent outbursts. These events reveal the necessity of integrating campus safety with broader public safety and incident response plans. Developing comprehensive incident response strategies and collaborating with local law enforcement and emergency services is essential for creating a seamless safety network. 

Balancing security and free speech 

In terms of managing issue motivated activity, some universities have adopted a policy that requires three days’ notice and approval for campus demonstrations.  This has sparked concerns about the implications for free speech and campus activism. While Universities may argue that the policy is designed to ensure safety and manage campus use, it illustrates the complex balance between maintaining security and supporting open dialogue. Universities must play a crucial role in protecting personal safety while ensuring that protest activities do not compromise the well-being of the campus community. 

Mitigating insider and external threats 

In addition to personal security, threats from within an institution or from foreign actors seeking to gain intelligence for malicious use require sophisticated mitigation strategies. Research espionage is a pressing issue, with Australian universities increasingly targeted by foreign actors seeking to steal valuable intellectual property and sensitive data. The Australian Security Intelligence Organisation (ASIO) has highlighted numerous attempts to infiltrate the research sector, posing significant risks to national security and competitive advantage. Universities must navigate the challenge of balancing open academic collaboration with the need to protect private information. The vulnerability of research institutions is further exacerbated by the extensive data generated and shared internationally, making them attractive targets for espionage. Despite efforts to raise awareness and implement security measures, critics argue that Australia still lags behind its allies in adequately responding to threats that may arise. This complex landscape of maintaining academic openness while safeguarding research integrity underscores the need for ongoing vigilance and enhanced security protocols within the university sector. 

Additionally, the University of Western Australia (UWA) experienced a phishing attack in 2020 that compromised several staff email accounts. This incident led UWA to implement a comprehensive incident response plan, including multi-factor authentication and enhanced staff training on phishing awareness, highlighting the importance of rigorous checks and ongoing training to mitigate such risks. 

Risk assessments 

To tackle these challenges, institutions must conduct advanced security risk assessments tailored to their specific vulnerabilities. Effective security management begins with identifying assets and analysing institutional vulnerabilities. Integrating these assessments into existing security frameworks allows institutions to better anticipate and mitigate risks. 

Governance and security culture 

Robust protective security governance frameworks and a strong security culture are crucial for effective security management. Institutions need to involve stakeholders from various departments and designate a board-level owner of security risk. Regular reviews of security maturity and reporting processes are essential for aligning security measures with institutional objectives and fostering a proactive security culture. 

Securing the supply chain 

Securing the supply chain is also vital due to its susceptibility to various threats. Institutions must manage risks from opportunistic criminals and organised crime entities throughout the supply chain. Comprehensive supply chain security involves detailed risk assessments, establishing assurance frameworks, and aligning practices with regulatory requirements to ensure operational continuity. 

Final thought 

By addressing these critical areas—risk assessments, governance, personnel security, insider threats, supply chain security, and emergency planning—educational and healthcare institutions can significantly strengthen their security measures and better safeguard their communities. 

Insider threats, whether malicious, unintentional, or arising from foreign actors, require sophisticated mitigation strategies. Implementing these strategies is crucial, but equally important is the testing and validation of the systems and processes in place. This provides assurance that the measures are effective and can adapt to evolving threats. 

Adash Janiszewski

Chief Executive Officer

Adash is Providence’s CEO and is responsible to the Providence Board and Providence’s clients for ensuring the timely delivery of outcomes through advice, guidance and mentoring to Providence’s staff.