sb-nz logo
Story image

Education sector most at risk of DNS attacks - with a steep cost

28 Oct 2020

IDC & EfficientIP’s 2020 Global DNS Threat Report indicates that the overall cost of a DNS attack is a staggering US$867,000, and the education sector is most likely to feel the brunt.

The report, which is based on responses from 900 IT professionals in Asia Pacific, Europe, and North America, found that 84% of education organisations surveyed have been hit by DNS attacks, with each suffering an average of eight attacks.

Respondents from education firms state that they are also plagued by distributed denial of service (DDoS) attacks (44% of respondents), while phishing attacks continue to be a problem for 52% of firms.

The education sector is more susceptible to certain DNS attacks - for example, the sector has been hit by more attacks based on zero-day vulnerabilities than the average of all sectors. 

“The damage cost from DNS attacks on schools can be very high,” says EfficientIP vice president of strategy Ronan David.

“A successful DNS attack can result in anything from significant financial losses for universities to reputational damage to network disruption. Not only that, stolen information—like addresses and other confidential data of students and staff—can be sold to a third party or held for ransom.”

The education sector is also vulnerable to data theft, in-house application downtime, and it reported the most instances of compromised websites.

According to the report, 56% of education organisations temporarily shut down specific affected processes and connections, and 70% disable some or all of the affected applications. Further, 44% of respondents are likely to shut down a server or service in the event of an attack.  On average, it takes educational institutions 5.5 hours to mitigate an attack.

What do criminals have to gain from DNS attacks? The report suggests that espionage and intellectual property theft could shed some light - particularly when analysing research facilities that develop innovations in the computer, medical, or natural science fields.

IT decision-makers in the education sector use a variety of methods to protect themselves from DNS attacks. They include: 

  • Automation of network security policy management (48%)
  • DNS traffic monitoring and analysis (38%) 
  • Securing network endpoints (32%)
  • A zero-trust approach (24%)
  • Adding new firewalls (20%) 

“DNS sees virtually all IP traffic, so is ideally placed to be your first line of defence. Analysis of DNS traffic can greatly help detection and mitigation of threats. DNS traffic inspection can also catch data exfiltration attempts, which traditional security components such as firewalls are unable to detect,” concludes David.

Story image
Essential tools for managing user identity and how they impact your bottom line
Customer identity and access management (CIAM) is how companies give their end-users access to their digital properties, as well as how they govern, collect, analyse, and securely store data for those users.More
Story image
Ping Identity announces appointment of new VP of R&D
In his new role as head of research and development, Burke will be expected to drive product strategy and development across Ping Identity’s entire suite of solutions.More
Story image
Creating a strong culture of security within organisations
CISOs worldwide are inherently aware of how significant investment in cybersecurity strategies and technologies can bolster an organisation’s protection against cyberattacks. However, many overlook the importance of culture when it comes to cybersecurity.More
Story image
Quantum extends Veeam partnership in a bid to protect against ransomware
“Quantum continues to expand its partnership with us and we are pleased to add ActiveScale object storage to a select group of S3 targets that can provide robust ransomware protection for our joint customers."More
Story image
IWD 2021: LogRhythm VP on recognising the skills women bring to the table
"There is an opportunity for IT companies to strengthen their learning and development pipeline and help women acquire the relevant skills."More
Story image
Connected car technology vulnerable to cyber attacks - Trend Mirco
there are ample opportunities for attackers looking to abuse connected car technology."More