The education industry also has the lowest adoption of network security policy management automation at only 8%, according to a new report.
A report released on Wednesday suggests the education sector is one of the most targeted industries for cyberattacks but is doing very little to stop it.
“By nature, DNS is an open service to the network, and its mission-critical role for routing application access makes it a primary attack vector and target for hackers,” reads the report.
The report data was gathered from a survey conducted on behalf of EfficientIP of 904 organizations in North America, Europe and Asia during the first quarter of 2019, including those in the manufacturing, financial services, retail, telecom and media, healthcare, education, government and utilities industries.
The new research reveals 86% of education sector respondents experienced under the radar DNS attacks in the past year — the second-highest across all sectors after government. Additionally, 55% of the DNS attacks education institutions experienced were phishing-based.
The education sector is failing to invest in its own security, according to the report, as only 22% of education institutions reported prioritizing the monitoring and analyzing of DNS traffic to meet compliance requirements of data regulations. The education sector also has the lowest adoption of network security policy management automation at only 8%.
“Hackers are always looking for an easy way in, so it is disappointing the education sector is unable to invest in security despite universities and education facilities being a clear priority for hackers,” said David Williamson, CEO of EfficientIP. “When students and professors trust their institutions with sensitive personal information and intellectual property this paints a big target on universities’ backs and makes them responsible for safeguarding it.”
Williamson also addressed the fact that in July, Louisiana declared a state of emergency after three malware attacks on schools.
“We live in an era of governments declaring a state of emergency and officially involving themselves with cyberattacks on schools. Reaching this point means the education sector’s problems are escalating. Education [organizations] need to be more proactive, fully embracing DNS security,” he added. “Otherwise, application downtime and the loss of sensitive and confidential data will keep damaging their reputations, alienating prospective students.”
Additionally, 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services with a further 64% shutting down affected processes and connections.
“Pulling the plug might help stop attacks, but it’s a blunt instrument attempting to stop increasingly sophisticated threats,” reads a press release from EfficientIP regarding the report findings.
Here are some additional overall findings from the survey:
- 82% of respondents experienced a DNS attack
- All surveyed organizations suffered an average of 11 attacks last year, resulting in an annual toll of $7,370,000
- The average number of DNS attacks went from 7.08 in 2018 to 9.45 in 2019
- The average cost per attack increased by 49% from $715,000 in 2018 to $1,000,700 in 2019
- In-house application downtime increased from 31% in 2018 to 63% in 2019
- Compromised websites increased from 33% in 2018 to 45% in 2019
- Sensitive information stolen decreased from 22% in 2018 to 13% in 2019
- 24% of organizations were victims of DNS tunneling last year
The report also offers the following overall recommendations to protect users, apps and data:
- Implement internal threat intelligence to protect your enterprise data and services
- Using real-time DNS analytics helps detect and thwart advanced attacks such as Domain Generating Algorithm (DGA) malware and zero-day malicious domains.
- Make use of DNS for ensuring security compliance
- Integrating DNS with IP Address Management (IPAM) in network security orchestration processes helps automate the management of security policies, keeping them current, consistent and auditable.
- Leverage DNS’s unique traffic visibility in your network security ecosystem to help SOCs accelerate remediation
- Implementing real-time behavioral threat detection over DNS traffic allows qualified security events rather than logs to be sent to Security Information and Event Management (SIEM) systems.