According to the 2020 Global DNS Threat Report, education sees higher rates of data theft, phishing, app downtime, and compromised websites than any other sector surveyed
The 2020 Global DNS Threat Report, published by IDC and sponsored by EfficientIP, shows that the education sector is most vulnerable to cyberattacks, specifically attacks that utilize DNS. A total of 84% of education organizations surveyed are victims of DNS attacks, with each suffering 8 attacks on average. The overall average cost of an attack is $867,000, a hefty price for public entities often reliant upon government funding.
Within education, phishing attacks are the most commonly reported attack type: 52% of education organizations surveyed have experienced phishing (while all industry types averaged together suffered a phishing rate of 38.6%). Distributed Denial of Service (DDoS) attacks, which may cause widespread disruption of universities’ network traffic, are also popular at 44% (compared to only 27% overall).
The survey data also demonstrates that, on average, organizations in the education sector are more susceptible to certain DNS attack types than companies in other sectors. Education has experienced over double the rates of attacks due to zero-day vulnerabilities than the average (34% for education compared to 15.9% for the average). Education also saw 56% higher rates of DNS amplification attacks than the average (32% compared to 20.5%).
Like many sectors, education suffers significant damage from these kinds of cyberattacks. The industry is particularly vulnerable to data theft, with the most instances of customer information or intellectual property stolen than any other sector (21% compared to 16% overall). It also has the most instances of in-house application downtime (69.7%), and the most instances of compromised websites (63%).
“The damage cost from DNS attacks on schools can be very high,” says Ronan David, Vice President of Strategy at EfficientIP. “A successful DNS attack can result in anything from significant financial losses for universities to reputational damage to network disruption. Not only that, stolen information—like addresses and other confidential data of students and staff—can be sold to a third party or held for ransom.”
Another motive for DNS attacks is espionage and theft of intellectual property; this is especially the case for research institutions developing new solutions in the fields of computer science as well as medical or natural sciences.
To mitigate these threats, the respondents in the survey rely on several methods. 56% of the educational organizations temporarily shut down specific affected processes and connections, and 70% disabled some or all of the affected applications. 44% of respondents were likely to shut down a server or service in the event of an attack. On average, it took educational institutions 5.5 hours to mitigate an attack—a long time for students and staff attempting to access vital apps and services.
David explains that this is why DNS security is so critical. “DNS sees virtually all IP traffic, so is ideally placed to be your first line of defense. Analysis of DNS traffic can greatly help detection and mitigation of threats. DNS traffic inspection can also catch data exfiltration attempts, which traditional security components such as firewalls are unable to detect.”
The 2020 Global DNS Threat Report shows that improving DNS traffic monitoring and analysis is the top priority of IT decision makers in the education sector (38%) for protecting data confidentiality, far above adding new firewalls (20%) or securing network endpoints (32%). To safeguard apps, users and data, a zero trust approach is also recommended, though just 24% of educational institutions run or have piloted this to date. Another effective measure is the automation of network security policy management, which only half (48%) of respondents have implemented so far.
The 2020 Global DNS Threat Report research, which was conducted in collaboration with leading market intelligence firm International Data Corporation (IDC), sheds light on the frequency of the different types of DNS attack and the associated costs for the last year.
NOTE TO EDITORS
The research was conducted by IDC from January to April 2020. The data collected represents respondents’ experience for the previous year. The results are based on 900 respondents in three regions – North America, Europe and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT Managers, Security Managers and Network Managers.