Education sector not taking costly cyber attacks seriously


Universities, and the education sector in general, appear to have failed to learn the importance of cybersecurity, suffering over five devastating cyber attacks a semester according to a new report.

EfficientIP, which specializes in DNS security for service continuity, user protection and data confidentiality, revealed in its 2019 Global DNS Threat Report that the education sector is one of the industries most heavily targeted by cyberattacks. Research by EfficientIP and IDC found that 86% of education sector respondents experienced under-the-radar Domain Name System (DNS) attacks in the past year, the second-highest rate across all sectors after government.

Surveying 900 security experts from nine countries across North America, Europe and Asia, the report found that the education sector is failing to invest in its own security. Organisations suffered an average of 11 attacks last year, each costing $670,000, resulting in an annual toll of $7,370,000. The attacks on NTU and NUS point to the vulnerability of the education sector in Singapore, especially when the motivation is to steal valuable research.

The report also revealed that half of the DNS attacks education institutions experienced last year were phishing-based. These attacks have devastating impacts for education organisations, ranging from in-house application downtime, affecting 66%, to compromised websites at 50%, high above the global average of 45% of victim organisations.

If education institutions are going to properly protect themselves and their students, they need smarter countermeasures. 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services, and a further 64% by shutting down affected processes and connections. Pulling the plug might help stop attacks, but it’s a blunt instrument against increasingly sophisticated threats. Smarter DNS monitoring, analysis and threat intelligence are needed to identify these threats before they begin, and to quarantine attacks without taking entire servers offline and disrupting normal service.

Education has fallen behind healthcare, retail and other industries, with only 22% of education institutions surveyed prioritising monitoring and analyzing DNS traffic to meet the compliance requirements of data regulations such as GDPR. In addition, with the lowest adoption of network security policy management automation (8%), education is beginning to fall behind in too many key areas to quickly catch up.
