The education sector is one of the most heavily targeted industries by cyberattacks, EfficientIP has revealed in its 2019 Global DNS Threat Report.
Research included in the report by EfficientIP and IDC found that 86% of education sector respondents experienced cyberattacks under the radar Domain Name System (DNS) attacks in the past year.
The only sector with more attacks was government.
The research surveyed 900 security experts from nine countries across North America, Europe and Asia and found that the education sector is failing to invest in its own security.
On average last year, organisations suffered 11 attacks, the cost of each being $670,000 which equates to an annual toll of $7,370,000.
The fact that the state of Louisiana has declared a state of emergency after three malware attacks on its schools coupled with Lancaster University’s recent data breach both serve to highlight the security issue within the education sector.
Education sector lags behind when it comes to security from cyberattacks
Half of all DNS attacks experienced by education institutions last year were phishing-based.
The impact can be devasting for education organisations, ranging from in-house application downtime, affecting 66%, to compromised websites (50%), high above the global average (45%) of organisations experiencing this.
In order for education institutions to protect themselves and their students, they need smarter counter measures.
The report found that 50% of those surveyed said that they currently attempt to mitigate attacks by shutting down servers and services, with a further 64% shutting down affected processes and connections.
While these efforts may help stop attacks, smarter DNS monitoring analysis and threat intelligence are needed to identify these threats before they begin and quarantine attacks without taking entire servers offline and disrupting normal service.
Only 22% of education institutions surveyed prioritise monitoring and analysing DNS traffic to meet the compliance requirements of data regulations such as GDPR.
Education also has the lowest adoption of networks security policy management automation (8%).
Application downtime could lead to loss of students
David Williamson, CEO of Efficient IP, commented: “Hackers are always looking for an easy way in, so it is disappointing the education sector is failing to invest in security despite universities and education facilities being a clear priority for hackers.
“When students and professors trust their institutions with sensitive personal information and intellectual property this paints a big target on universities’ backs and makes them responsible for safeguarding it.
“We live in an era of governments declaring a state of emergency and officially involving themselves with cyberattacks on schools. Reaching this point means the education sector’s problems are escalating.
“Education organisations need to be more proactive, fully embracing DNS security. Otherwise, application downtime and the loss of sensitive and confidential data will keep damaging their reputations, alienating prospective students.”
EfficientIP are specialists in DNS security for service continuity, user protection and data confidentiality.
Pic: Markus Spiske