World Education Not Taking Cyber Threat Cost Seriously

• Content
• International
• World Education Not Taking Cyber Threat Cost Seriously

04 October 2019

The 2019 Global DNS Threat Report has revealed the education sector is one of the most heavily targeted industries for cyber attacks - and yet invests very little to stop it.

Research by EfficientIP and IDC found 86% of education sector respondents experienced under the radar Domain Name System (DNS) attacks in the past year, the second-highest across all sectors after government.

Surveying 900 security experts from nine countries across North America, Europe and Asia, the report found the education sector is failing to invest in its own security. Organisations suffered an average of 11 attacks last year, each costing $670,000 – resulting in an annual toll of $7,370,000.

The state of Louisiana recently declared a state of emergency after three malware attacks on schools. In the UK, the University of York’s data breach again highlights the issue of security in the education sector.

Phishing

The research also revealed half of the DNS attacks education institutions experienced last year were phishing based. These attacks have devastating impacts for education organisations. These can range from in-house application downtime, affecting 66%, to compromised websites at 50%, high above the global average of 45% organisations experiencing this.

If education institutions are going to properly protect themselves and students enrolled, they need smarter countermeasures, say the reports authors. 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services, a further 64% shutting down affected processes and connections.

Pulling the plug

Pulling the plug might help stop attacks, yet it’s a blunt instrument attempting to stop increasingly sophisticated threats. Smarter DNS monitoring, analysis and threat intelligence are needed to identify these threats before they begin and quarantine attacks without taking entire servers offline, disrupting normal service.

GDPR

Education has fallen behind healthcare, retail and other industries with only 22% of education institutions surveyed prioritising monitoring & analysing DNS traffic to meet the compliance requirements of data regulations such as GDPR. In addition, with the lowest adoption of network security policy management automation at just 8%, education is beginning to fall behind in too many key areas to quickly catch up.

Trust

David Williamson, CEO of EfficientIP, said: “Hackers are always looking for an easy way in, so it is disappointing the education sector is failing to invest in security despite universities and education facilities being a clear priority for hackers.

"When students and professors trust their institutions with sensitive personal information and intellectual property this paints a big target on universities’ backs and makes them responsible for safeguarding it.

We live in an era of governments declaring a state of emergency and officially involving themselves with cyberattacks on schools. Reaching this point means the education sector’s problems are escalating. Education organisations need to be more proactive, fully embracing DNS security. Otherwise, application downtime and the loss of sensitive and confidential data will keep damaging their reputations, alienating prospective students.”

Picture: The education sector heavily targeted by cyber attackers.

Article written by Cathryn Ellis | Published 04 October 2019

Share

Related Articles