Universities are failing to learn the importance of cybersecurity, suffering over five devastating cyber attacks a semester, according to the IDC 2019 Global DNS Threat Report commissioned by EfficientIP.
The report found that 86% of education sector respondents experienced under the radar Domain Name System (DNS) attacks in the past year, the second-highest across all sectors after government.
Surveying 900 security experts from nine countries across North America, Europe, and Asia, the report found that the education sector is failing to invest in its own security. Organizations suffered an average of 11 attacks last year, each costing $670,000 – resulting in an annual toll of $7,370,000. The attacks on NTU and NUS point to the vulnerability of the education sector in Singapore, especially when the motivation is to steal valuable research.
The report also revealed that half of the DNS attacks education institutions experienced last year were phishing-based. These attacks have devastating impacts on educational organizations. These can range from in-house application downtime, affecting 66%, to compromised websites: 50%; high above the global average of 45% of victim organizations.
If education institutions are going to properly protect themselves and their students, they need smarter countermeasures. 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services, a further 64% by shutting down affected processes and connections. Pulling the plug might help stop attacks, but it’s a blunt instrument attempting to stop increasingly sophisticated threats. Smarter DNS monitoring, analysis, and threat intelligence are needed to identify these threats before they begin, and quarantine attacks without taking entire servers offline, disrupting normal service.
Education has fallen behind healthcare, retail and other industries, with only 22% of education institutions surveyed prioritizing monitoring & analyzing DNS traffic to meet the compliance requirements of data regulations such as GDPR. In addition, with the lowest adoption of network security policy management automation (8%) education is beginning to fall behind in too many key areas to quickly catch up.
Nick Itta, Vice President, Sales, APAC, EfficientIP, pointed out that: “Cyberattacks are no less frequent and severe in education than other sectors. In fact, they are becoming more prevalent as educational institutions house valuable personal information about students and faculty and intellectual property. As Southeast Asia positions itself as an innovation-led region, cybersecurity remains critical in realizing that future vision.
He added, “For the education sector, the burden of responsibility falls on institutions to keep people and data safe. Yet, our report shows that they are woefully underprepared to cope with the risks. There is a need to invest more resources in cybersecurity measures, as well as encouraging students and faculty to do their part by practicing good cyber hygiene”.