IDC - EfficientIP's 2020 Global DNS Threat Report indicates that the overall cost of a DNS attack is a staggering US$867,000, and the education sector is most likely to feel the brunt.
The report, which is based on responses from 900 IT professionals in Asia Pacific, Europe, and North America, found that 84% of education organisations surveyed have been hit by DNS attacks, with each suffering an average of eight attacks.
Respondents from education firms state that they are also plagued by distributed denial of service (DDoS) attacks (44% of respondents), while phishing attacks continue to be a problem for 52% of firms.
The education sector is more susceptible to certain DNS attacks - for example, the sector has been hit by more attacks based on zero-day vulnerabilities than the average of all sectors.
“The damage cost from DNS attacks on schools can be very high,” says EfficientIP vice president of strategy Ronan David.
“A successful DNS attack can result in anything from significant financial losses for universities to reputational damage to network disruption. Not only that, stolen information—like addresses and other confidential data of students and staff—can be sold to a third party or held for ransom.
The education sector is also vulnerable to data theft, in-house application downtime, and it reported the most instances of compromised websites.
According to the report, 56% of education organisations temporarily shut down specific affected processes and connections, and 70% disable some or all of the affected applications. Further, 44% of respondents are likely to shut down a server or service in the event of an attack. On average, it takes educational institutions 5.5 hours to mitigate an attack.
What do criminals have to gain from DNS attacks? The report suggests that espionage and intellectual property theft could shed some light - particularly when analysing research facilities that develop innovations in the computer, medical, or natural science fields.
IT decision-makers in the education sector use a variety of methods to protect themselves from DNS attacks. They include:
- Automation of network security policy management (48%)
- DNS traffic monitoring and analysis (38%)
- Securing network endpoints (32%)
- A zero-trust approach (24%)
- Adding new firewalls (20%)
“DNS sees virtually all IP traffic, so is ideally placed to be your first line of defence. Analysis of DNS traffic can greatly help detection and mitigation of threats. DNS traffic inspection can also catch data exfiltration attempts, which traditional security components such as firewalls are unable to detect,” concludes David.