The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Tuesday, 12 November

World Education Not Taking Cyber Threat Cost Seriously

Cyber attack

The 2019 Global DNS Threat Report has revealed the education sector is one of the most heavily targeted industries for cyber attacks - and yet invests very little to stop it.

Research by EfficientIP and IDC found 86% of education sector respondents experienced under the radar Domain Name System (DNS) attacks in the past year, the second-highest across all sectors after government.

Surveying 900 security experts from nine countries across North America, Europe and Asia, the report found the education sector is failing to invest in its own security. Organisations suffered an average of 11 attacks last year, each costing $670,000 – resulting in an annual toll of $7,370,000.

The state of Louisiana recently declared a state of emergency after three malware attacks on schools. In the UK, the University of York’s data breach again highlights the issue of security in the education sector.

 

Phishing

The research also revealed half of the DNS attacks education institutions experienced last year were phishing based. These attacks have devastating impacts for education organisations. These can range from in-house application downtime, affecting 66%, to compromised websites at 50%, high above the global average of 45% organisations experiencing this.

If education institutions are going to properly protect themselves and students enrolled, they need smarter countermeasures, say the reports authors. 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services, a further 64% shutting down affected processes and connections.

 

Pulling the plug

Pulling the plug might help stop attacks, yet it’s a blunt instrument attempting to stop increasingly sophisticated threats. Smarter DNS monitoring, analysis and threat intelligence are needed to identify these threats before they begin and quarantine attacks without taking entire servers offline, disrupting normal service.

 

GDPR

Education has fallen behind healthcare, retail and other industries with only 22% of education institutions surveyed prioritising monitoring & analysing DNS traffic to meet the compliance requirements of data regulations such as GDPR. In addition, with the lowest adoption of network security policy management automation at just 8%, education is beginning to fall behind in too many key areas to quickly catch up.

 

Trust

David Williamson, CEO of EfficientIP, said: “Hackers are always looking for an easy way in, so it is disappointing the education sector is failing to invest in security despite universities and education facilities being a clear priority for hackers.

"When students and professors trust their institutions with sensitive personal information and intellectual property this paints a big target on universities’ backs and makes them responsible for safeguarding it.

We live in an era of governments declaring a state of emergency and officially involving themselves with cyberattacks on schools. Reaching this point means the education sector’s problems are escalating. Education organisations need to be more proactive, fully embracing DNS security. Otherwise, application downtime and the loss of sensitive and confidential data will keep damaging their reputations, alienating prospective students.”

Picture: The education sector heavily targeted by cyber attackers.

Article written by Cathryn Ellis

Share



Related Articles

Who Is The Weakest Link?

According to Sophos, 70% of internet users have the same password for almost all the web services they use - and there are groups of businesses and individuals who are...

 Read Full Article
Is BYOD Creating A GDPR Risk For Your Business?

Does your Bring Your Own Device (BYOD) stance have the potential to create risks relating to data protection or breaches, as a result of staff using a single smartphone...

 Read Full Article
Crown Prosecutions Service Prosecuted - And Other GDPR-type Convictions

You could hardly make it up but the Crown Prosecutions Service has been fined after losing victim interview videos - PLUS a variety of convictions including a...

 Read Full Article
Gangsters' Paradise Leads To Jail Terms For Business Phishing Scam

Gangsters who altered business emails to rip-off more than £1 million have gone to jail. Two members of the Nigerian organised crime group who committed the fraud...

 Read Full Article
Learning To Be Tough On Weak Passwords

East Ayrshire Council has blocked weak passwords after an annual audit revealed their 6,000 employees were leaving the organisation open to cyber threat. It was 2017...

 Read Full Article
Most Organisations’ Biggest Security Concern Is Users

What Keeps You Up at Night – The 2019 Report looks at over 350 global organisations' security concerns and reveals people are the biggest perceived...

 Read Full Article
Cyber Crime Rises 24% - Huge Losses In The City And Nationally

The City of London has seen an increase of 24% in reports of cyber crime with email and social media hacking at the forefront of the problem for businesses and their...

 Read Full Article
GDPR - A Little Help From Your Friends

ThisWeekinFM is reminding readers GDPR is for life and not just May 25...but we also have a cunning plan to help keep you and your organisation compliant.  Whilst...

 Read Full Article
Two Million Fleet Drivers To Revalidate Driving Licence Data Consent

There are over two million drivers who will have to revalidate their driving licence data consent, writes Malcolm Maycock, Chair of the ADLV. Whilst this is a mammoth...

 Read Full Article
Raising The Bar – Consent Under The GDPR

Straight from the horse's mouth, Steve Wood, Deputy Information Commissioner, writes for ThisWeekinFM on the topic of 'consent', how to get it and what to do...

 Read Full Article