
Mitigating Data Theft in the Education Sector with DNS Security

September 3, 2020 | Written by: Surinder Paul

In recent years the education sector has undergone a significant digital transformation, replacing school books with tablets and in some cases physical classes with virtual classrooms. E-learning platforms and digital devices have become commonplace in most institutions, especially in higher education.

The COVID-19 pandemic has accelerated adoption of digital education tools, prompting ad hoc overnight solutions for remote learning. However, the BYOD culture and the rising number of connections from remote locations have led to network security challenges. Cybercriminals have taken note and increasingly target the education sector through DNS. Without proper DNS security measures, this protocol can be easily exploited by hackers, with serious ramifications for data theft and productivity.

Unfortunately, lack of awareness and preparedness for DNS security threats has been a longstanding issue for both public and private education institutions across the globe, as confirmed by the numbers below.

The Education Sector is Most Vulnerable to DNS Attacks

According to the EfficientIP 2020 Global DNS Threat Report, published by IDC, the education sector is most vulnerable to these attacks. In fact, a total of 84% of organizations surveyed were victims of DNS attacks, with each suffering 8 attacks on average. The overall average cost of an attack was 867,000 USD, a hefty price for public entities often reliant upon government funding.

DNS attacks threaten the education sector in several major ways:

  • Financial Loss: Hackers may exploit DNS weaknesses for financial gain. A successful DNS attack can result in significant financial losses for universities and permanently damage their reputation.
  • Data Theft: Cybercriminals may attempt to access sensitive student and staff data, including names and addresses, and sell this information to a third party.
  • IP Theft and Espionage: Another motive for DNS attacks is espionage and theft of intellectual property. This is especially the case for research institutions developing new solutions in the fields of computer science as well as medical or natural sciences.
  • Ransomware: Hackers may also try to disrupt or halt traffic on a university’s network in order to hurt productivity or to extort money from the university.

Data Theft Prolific, with Phishing on the Rise

The survey data demonstrates that, on average, organizations in the education sector were more susceptible to certain DNS attack types than companies in other sectors. Phishing was the most commonly reported attack type, with 52% of organizations in the education sector having experienced phishing compared to only 39% overall. Similarly, Distributed Denial of Service (DDoS) attacks, which may cause widespread disruption of universities’ network traffic, were a common phenomenon as well (44% in education compared to only 27% overall).

Education suffers a more severe impact from DNS attacks than many other industries. It is particularly vulnerable to data theft, with more instances of customer information or intellectual property stolen than any other sector (21% compared to 16% overall). The size of data breaches can be seen in the Georgia Tech incident last year, which compromised the data of 1.3 million people after hackers gained unauthorized access to a web application.

Other key impacts are just as striking: education institutions reported in-house app downtime at a frequency 8% higher than other sectors (70% compared to the average of 62%), and 42% of institutions reported cloud service downtime which significantly impacts the access to cloud-based apps. The figure for compromised websites (63%) is 17% above the average (46%).

Shoring Up Networks to Mitigate Threats

There are several countermeasures organizations can take to mitigate the impact of DNS attacks. Not all of them are equally effective, however. Of the educational organizations surveyed in the DNS Threat Report, 56% temporarily shut down specific affected processes and connections, and 70% disabled some or all of the affected applications. 44% of respondents were likely to shut down a server or service in the event of an attack. While these measures may bring an attack to a halt, they are relatively blunt instruments which can have a serious negative effect on research output as well as on the general learning experience—especially if students cannot access e-learning tools by logging into the network remotely. On average, it took educational institutions 5.5 hours to mitigate an attack—a long time for students and staff attempting to access critical apps and services.

Fortunately, there are numerous effective steps to strengthen security measures and to mitigate DNS attacks once they occur.

  • IT Hygiene: IT departments in the education sector should implement internal threat intelligence to protect data and services. Using real-time DNS analytics helps detect and thwart even advanced attacks, and is particularly necessary for catching data exfiltration via DNS, which traditional security components such as firewalls are unable to detect. To help ensure data confidentiality, the survey shows that improving DNS traffic monitoring and analysis, using DNS Guardian for example, is the top priority of IT decision makers in the sector (38%), far above adding new firewalls (20%) or securing network endpoints (32%).
  • Automation: Another effective measure is leveraging EfficientIP’s open API to connect security silos, making use of integration with SIEMs, SOCs, Cisco Umbrella, Tufin, etc. According to the survey, less than half of education institutions have implemented automation of network security policy management.
  • Zero-Trust Strategies: Education organizations should also rely more on Zero-Trust strategies. In short, Zero Trust helps prevent breaches by using strict access controls and assuming that anyone on the network is not to be trusted, requiring verification before granting access to resources.
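
The kind of DNS traffic analysis the IT Hygiene point refers to can be sketched as follows. This is an added example, not code from the original article and not how DNS Guardian works: it groups resolver log lines by client and zone and flags pairs that send many distinct, long, high-entropy subdomains. The log format, the thresholds and the `.example` names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, "<client_ip> <queried_name>" (not from the report).
SAMPLE_LOG = """\
10.1.4.22 www.university.example
10.1.4.22 mail.university.example
10.1.7.90 4a6f686e20446f652c31393938.x1.tunnel.example
10.1.7.90 2d30312d30312c3132204d6169.x2.tunnel.example
10.1.7.90 6e2053742c73747564656e7449.x3.tunnel.example
10.1.7.90 443a3030313233343536373839.x4.tunnel.example
10.1.7.90 www.university.example
"""

# Assumed thresholds; tune them against a baseline of your own resolver logs.
MIN_UNIQUE_NAMES = 4    # distinct subdomains per client/zone pair
MIN_AVG_SUB_LEN = 20    # mean length of the subdomain part, in characters
MIN_ENTROPY_BITS = 3.0  # Shannon entropy per character of the subdomain text

def shannon_entropy(text):
    """Bits per character of the character distribution in text (0 if empty)."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def split_name(qname):
    """Naive split into (subdomain, zone), taking the last two labels as the zone.
    A production version would consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_exfil_suspects(log_text):
    """Return sorted (client, zone) pairs whose queries look like data tunnelling."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        sub, zone = split_name(parts[1])
        if sub:
            groups[(parts[0], zone)].add(sub)
    suspects = []
    for key, subs in groups.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs))
        if (len(subs) >= MIN_UNIQUE_NAMES and avg_len >= MIN_AVG_SUB_LEN
                and entropy >= MIN_ENTROPY_BITS):
            suspects.append(key)
    return sorted(suspects)
```

Requiring all three signals together keeps ordinary hostnames from being flagged; CDN and telemetry domains that generate long random labels still need an allowlist.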

COVID-19 has had a dramatic impact on education, making a functioning and secure digital infrastructure more important than ever. In this context, DNS security has become a critical component of the new digital education reality. Our SOLIDserver Smart DDI technology is a perfect turnkey solution for higher education, ensuring high availability, security, and automation of the network. This can guarantee that university network infrastructure will actively support professors and students, whether they’re on campus or learning remotely.
