Retaining qualified IT staff is the key to cyber resilience

In a constantly evolving digital landscape, higher education institutions face numerous cybersecurity challenges, including the handling of vast amounts of sensitive data from student records and critical research findings. These factors, among others, make universities prime targets for cyber-threats, which makes establishing a secure digital environment vital. This requires a holistic approach, combining advanced technology, staff awareness and stringent policies. Key areas we focus on at the University of Indonesia include scalable infrastructure, integration of advanced technologies, comprehensive staff training and readiness to counter cyberattacks.

To manage cybersecurity effectively, we conduct regular assessments and updates to our IT infrastructure. This process allows us to identify areas that need improvement and adjust resources to meet expanding digital capacity demands. Scalable solutions, such as cloud computing and virtualisation, provide flexibility and can adapt to the evolving needs of our institution. Additionally, we have invested in AI-driven threat detection, enabling real-time data analysis to detect potential threats before they escalate. Intrusion detection and prevention systems (IDS/IPS) play a crucial role here, helping us monitor network traffic and prevent unauthorised access. Furthermore, we ensure that all sensitive data is encrypted both in transit and at rest, offering a vital layer of protection against unauthorised access.

While technological measures are indispensable, we recognise that cybersecurity is ultimately a people-centred field. Regular training programmes at UI are designed to equip staff and students with the knowledge they need to counter emerging threats. Phishing simulations, for instance, have become an integral part of our strategy, helping users recognise and respond to phishing attacks effectively. These exercises reinforce the importance of maintaining good cyber hygiene, such as not sharing passwords and updating them frequently. This ongoing awareness campaign fosters a cybersecurity-conscious culture across the university.

Preparation for potential cyberattacks is another critical area we focus on. Cyberattacks are unpredictable and can take various forms, so our IT team must be prepared to respond promptly. At UI, regular security audits, continuous monitoring and logging mechanisms are standard practices for detecting and analysing suspicious activity. These tools have proven invaluable in identifying risks early and preventing breaches. For example, phishing has been identified as a major threat to our institution, prompting us to implement advanced email filtering solutions and multi-factor authentication (MFA) to mitigate the risks associated with unauthorised access.

• Cybersecurity remains a critical issue that universities must face
• Tips on implementing cybersecurity in online learning
• Cybersecurity is not just for the geeks in the IT department

Amid all these measures, we have learned that a dedicated and skilled IT team is fundamental to effective cybersecurity. This human factor is vital not only in identifying and mitigating risks but also in implementing and maintaining long-term cybersecurity measures. However, one of the major challenges we face, as do many public universities, is retaining qualified IT staff in a competitive market.

Public institutions, especially in Indonesia, often struggle to retain skilled professionals due to non-competitive salary standards compared with the private tech industry and startups, as public institutions must adhere to government-regulated salary scales. In this context, UI has implemented several best practices to address this challenge:

1. Enhancing competence through continuous training
   We prioritise continuous training to keep our IT staff updated with the latest skills required to counter evolving cyber-threats. However, training alone is insufficient without a strategic long-term approach. We have implemented a succession planning programme for our IT team, which includes regular training sessions and professional certifications, such as CompTIA Security+ and Certified Information Systems Security Professional (CISSP). These certifications not only keep our staff’s skills relevant but also enhance their professional credentials, helping them stay current with industry advancements. This structured training programme has proven effective in retaining staff by providing clear opportunities for growth and development within the university.
2. Developing compelling career pathways
   To ensure that our IT staff feel valued and see the potential for advancement, we have developed career pathways that recognise both technical expertise and leadership skills. By offering incentives, such as involvement in research projects and opportunities to attend international conferences, we are creating an environment where IT professionals can build their reputations and stay engaged with the latest developments in cybersecurity. This approach also allows our IT staff to work on projects that align with their interests, which has contributed significantly to job satisfaction and retention.
3. Collaborating with industry for residency programmes and knowledge sharing
   To bridge the gap between our institution and the private tech industry, UI has initiated partnerships with prominent cybersecurity firms. Through these collaborations, we have created residency programmes in which our IT staff can gain direct experience with new technologies and practices. For example, short-term residency programmes with tech firms allow our staff to work closely with industry professionals, gaining insights into advanced cybersecurity applications. These partnerships not only enhance their technical expertise but also motivate them to continue their careers at the institution, knowing they can stay abreast of industry trends without leaving the academic environment.
4. Providing additional benefits and recognising excellence
   Beyond salary considerations, UI has developed additional benefits to retain our skilled IT staff. Offering access to premium health insurance, education subsidies and research funding helps improve job satisfaction and long-term retention. Our institution also recognises exceptional contributions through an annual award for IT staff who demonstrate innovation or significant impact in cybersecurity efforts. This recognition fosters a sense of achievement and loyalty, reducing turnover while enhancing staff motivation and morale.

Retaining qualified staff is a cornerstone of our cybersecurity strategy, particularly given the intense competition for talent from private tech companies. A committed IT team not only minimises the risk of cyber incidents but also strengthens our institution’s resilience in the face of increasingly complex cyber-threats.

At UI, we believe that effective cybersecurity management extends beyond technical tools and systems. It requires a comprehensive approach that includes fostering an environment where skilled professionals feel appreciated and have opportunities for continuous growth. In doing so, we protect not only the digital assets entrusted to us but also support the broader mission of creating a safe, secure environment for education and research.

Petrus Mursanto is the dean of the Faculty of Computer Science at Universitas Indonesia.

If you would like advice and insight from academics and university staff delivered direct to your inbox each week, sign up for the Campus newsletter.