In the wake of the pandemic, the education sector saw one of the most dramatic digital transformations as schools and universities worldwide were forced to move overnight to remote learning. This expanded their cybersecurity footprint, which attackers seized on, especially by targeting the Domain Name System (DNS), which plays a crucial role in routing internal and external traffic. While almost all organizations have been vulnerable, K-12 schools have been shown to be particularly at risk.
As school systems went into 2021 they began to adopt hybrid learning systems incorporating remote e-learning and in-school learning, making resiliency of DNS and DHCP services vital for students and staff to connect to the network and access applications. Unless institutions prepare and work to strengthen their DNS security, remote learning environments will remain at risk from attackers, meaning private information and productivity will be seriously threatened.
DNS attacks impact financials, reputation and data compliance
According to the EfficientIP 2021 Global DNS Threat Report, published by IDC, the education sector remains highly vulnerable to these attacks. Of all the organizations surveyed, 76% were victims of DNS attacks and they reported suffering 6 attacks on average. The overall average cost per attack was 851,000 USD, which is an incredibly large price tag for government-funded public institutions with limited resources.
DNS attacks threaten the education sector in several major ways:
- Financial, Reputation and Productivity Loss: A successful DNS attack can result in significant financial impacts for universities and permanently damage their reputation (41% experienced a compromised website). DNS attacks caused app downtime for 51% of organizations, and cloud service downtime for 35% of them.
- Data Theft: Cybercriminals may attempt to access sensitive student and staff data, including names and addresses, and sell this information to a third party. The report showed that one in four organizations were victims of data theft via DNS.
- IP Theft and Espionage: This is especially the case for research institutions developing new solutions in the fields of computer science as well as medical or natural sciences.
- Ransomware: Attackers may also try to disrupt or halt traffic on a university’s network in order to hurt productivity or to extort money from the university.
Phishing attacks lead as Ransomware risk grows
The survey data demonstrates that organizations in the education sector were susceptible to a variety of DNS attacks. Phishing was the most reported attack type, with 34% of education institutions having experienced phishing. Similarly, Distributed Denial of Service (DDoS) attacks, which may cause widespread disruption of an organization's network, were a common occurrence as well (17%).
Education is particularly vulnerable to both DNS attacks and data theft. The size of possible data breaches can be seen in the attack on the Baltimore School District in late 2020. The Baltimore County’s school system was shut down by a ransomware attack that hit all of its network systems and closed schools for several days for about 111,000 students. It wasn’t until weeks later that school officials could finally regain access to vital files they feared were lost, including student transcripts, recorded grades, and vital student records for those in special education programs.
Make DNS your first line of defense
Unfortunately, many countermeasures being taken to mitigate the impact of DNS attacks are not suitable. 49% shut down the DNS server, 37% shut down part of the network infrastructure, and 37% disabled affected applications. These measures may stop an attack in progress, but they are harsh and can have a serious effect on output as well as on the general learning experience – especially if students cannot access e-learning tools by logging into the network remotely. On average, it took educational institutions the longest time to mitigate an attack (7.6 hours), a long time for students and staff attempting to access critical apps and services. Universities and schools would therefore definitely benefit from a purpose-built DNS Security solution offering adaptive countermeasures, which keep services running while an attack is being mitigated.
Fortunately, DNS is ideally placed to be your first line of defense because it has unique early visibility over most traffic. That position offers numerous effective steps to strengthen security measures and to mitigate DNS attacks once they occur:
- IT Hygiene: IT departments in the education sector should implement internal threat intelligence to protect data and services. Using real-time DNS analytics helps detect and thwart even advanced attacks and is particularly necessary for catching data exfiltration via DNS, which traditional security components such as firewalls are unable to detect. This is why 35% of organizations see monitoring and analysis of DNS traffic as their top priority for preventing data theft, compared to securing endpoints (22%) or adding more firewalls (23%).
- Automation: EfficientIP’s open API can be leveraged to connect security silos and share actionable event data, making use of integration with SIEMs, SOCs, Cisco Umbrella, Tufin, etc. According to the survey, less than half of education institutions have implemented automation of network security policy management.
- Zero-Trust Strategies: Education organizations should also rely more on Zero-Trust strategies, strengthening verification before granting access to resources, for example by using the DNS filtering capability provided by SOLIDserver, which provides unique control down to individual user level.
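To make the DNS analytics point under IT Hygiene concrete, the following added example (not EfficientIP's product logic and not from the report) flags client and domain pairs whose queries carry many unique, long, high-entropy subdomains, the pattern that data exfiltration via DNS tends to leave in resolver logs. The log rows, domain names, thresholds and the two-label parent-domain split are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Thresholds are illustrative assumptions; tune them against your own baseline.
MIN_UNIQUE = 5      # distinct subdomains per (client, domain) in the window
MIN_MEAN_LEN = 20   # mean characters in the subdomain part
MIN_ENTROPY = 3.0   # bits per character across all subdomain text

def constructed_log():
    """Constructed sample of (client_ip, qname) pairs; not real traffic."""
    rows = [("10.1.4.20", f"{h}.school.example")
            for h in ("www", "lms", "mail", "cdn", "library", "www")]
    # One long hostname asked repeatedly: long label, but only one unique name.
    rows += [("10.1.4.21", "a1b2c3d4e5f6a7b8c9d0e1f2.cdn.example")] * 8
    # Many unique, long, random-looking labels under one domain.
    rows += [("10.1.7.33", hashlib.sha256(bytes([i])).hexdigest()[:32] + ".tunnel.test")
             for i in range(6)]
    return rows

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Naive split into (subdomain, parent); assumes a two-label parent domain.
    A production version would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score(rows):
    """Per (client, parent domain): (unique subdomains, mean length, entropy)."""
    subs = defaultdict(set)
    for client, qname in rows:
        sub, parent = split_name(qname)
        if sub:
            subs[(client, parent)].add(sub)
    out = {}
    for key, names in subs.items():
        text = "".join(names).replace(".", "")
        out[key] = (len(names), sum(map(len, names)) / len(names), entropy(text))
    return out

def suspicious(rows):
    """Pairs that exceed all three thresholds, sorted for stable output."""
    return sorted(k for k, (n, mean_len, ent) in score(rows).items()
                  if n >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN and ent >= MIN_ENTROPY)

if __name__ == "__main__":
    print(suspicious(constructed_log()))
```

Requiring all three signals together keeps the repeatedly queried long CDN hostname and the ordinary school hostnames out of the result, which is the kind of baseline a firewall that only sees permitted port 53 traffic does not build.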
On top of the huge uptake of BYOD and cloud, COVID-19 has had a dramatic impact on education networks, and as organizations continue with hybrid systems a secure digital infrastructure is more important than ever. School districts and universities need to ensure that their data and privacy are protected, so DNS security has become a critical component of their new digital education reality. Our SOLIDserver Smart DDI technology is a perfect solution for higher education, ensuring high availability, security, and automation of the network. Adopting technology like this can ensure students and faculty remain safe and connected, whether they are in the classroom or working remotely.