Universities Need to be Schooled in DNS

Educators have a lot to learn when it comes to cyber security. Domain Name System (DNS) threats are not just limited to banks and logistic multinationals anymore. Universities and academic institutions are capturing the attention of fast-learning cyber criminals for three reasons: they deal with sensitive data, they are populated by carefree students and they tend to have smaller IT budgets than com/universities-dns/mercial organizations.

EfficientIP’s 2018 Global DNS Threat Report highlighted cost per DNS-based attack soared 68% to $690,000 in the Education sector last year. It is imperative for them to learn the lessons from more and more sophisticated DNS attacks. To better protect themselves, educational institutions need to enhance their threat detection and mitigation.

There are many that are slow to adopt. US-based Augusta University Health recently announced a data breach impacting approximately 400,000 patients. The University of Greenwich has also been fined £120,000 ($160,000) by UK watchdog Information Commissioner’s Office for a data breach.

The 2018 report also revealed 32% education institutions suffered a compromised website, 38% had to deal with cloud service downtime and 21% lost intellectual property. This despite the fact that 91% academic institutions have firewall security systems to protect their network.

Universities are perfect targets for hackers

Securing universities and higher education institutions from malicious DNS threats is critical, as they operate on complex and sometimes older networks. They often have links to the government, industry and military institutions, not to mention thousands of faculty members and students present on the network 24×7 on multiple devices. Handling this massive amount of sensitive data makes educators an enticing target for potential hackers.

Firewalls usually provide networks with a blanket shield which misses identifying singular DNS based threats. This occurs due to attackers using DNS as both a vector and their target to infiltrate the network. This means DNS attacks often come disguised under generic queries and they can also infiltrate systems by hiding under the sheer number of DNS queries. DNS attacks such as DNS hijacking can even come from inside the network itself.

Once in, these threats have the ability to disrupt service or exfiltrate data. DNS-based threats on academia are increasingly popular with hackers. 41% of educational institutions were vulnerable to DNS malware last year, up from 25% the previous year.

Educational institutions need to ramp up their network security, as 91% of organizations reported being subject to multiple DNS threats in the last 12 months. The percentage of education institutions that have experienced a DDoS (Distributed Denial of Service) attack of between five to ten gigabytes reached 39% up from 30% in the last year.

It is imperative schools, colleges and universities protect their network, not just with a generic layer giving ‘standard’ protection, but with a network shield that scrutinizes every DNS query for issues like phishing, DNS tunneling and DDoS attacks. This can only be achieved when the institution’s network security is competent enough to understand the queries’ context and analyze each separately. Not only does this reduce the chances of a DNS threat entering the system, it also pinpoints the slightest erratic behavior as it occurs.

Learning to fight DNS-based attacks

Legacy security solutions unable to distinguish and analyze traffic are no longer sufficient to face new complex cyber threats. Real-time context-aware analysis for threat detection augments an institution’s ability to see threats, and it will help in prevention of data theft and aid compliance with the General Data Protection Regulation (GDPR) and US CLOUD Act.

Hardening security for cloud or next generation datacenters, with a purpose-built DNS security solution, overcomes some of the limitations of solutions from cloud providers, as it protects the network from the inside. This will ensure continued access to cloud services and apps, protecting against exfiltration of cloud-stored data.

Recommendations

The higher education sector currently ranks as one of the most vulnerable in terms of dealing with cyber attacks. With the number of DNS-based threats and the cost per attack both on the rise, the education sector will benefit from protecting their network with solutions that provide context, closing loopholes for malware and threats to enter.