Universities fail to learn the importance of cybersecurity, suffering over five devastating cyber attacks a semester.

EfficientIP, specialists in DNS security for service continuity, user protection and data confidentiality, revealed the education sector is one of the most heavily targeted industries by cyberattacks in its 2019 Global DNS Threat Report. Research by EfficientIP and IDC found 86% of education sector respondents experienced under the radar Domain Name System (DNS) attacks in the past year, the second-highest across all sectors after government.

Surveying 900 security experts from nine countries across North America, Europe and Asia, the report found the education sector is failing to invest in its own security. Organisations suffered an average of 11 attacks last year, each costing $670,000 – resulting in an annual toll of $7,370,000. The state of Louisiana recently declaring a state of emergency after three malware attacks on schools and the University of York’s data breach both highlight the issue of security in the education sector.

The research also revealed half of the DNS attacks education institutions experienced last year were phishing-based. These attacks have devastating impacts for education organisations. These can range from in-house application downtime, affecting 66%, to compromised websites: 50%, high above the global average of 45% organisations experiencing this.

If education institutions are going to properly protect themselves and students enrolled, they need smarter countermeasures. 50% of those surveyed said they currently attempt to mitigate attacks by shutting down servers and services, a further 64% shutting down affected processes and connections. Pulling the plug might help stop attacks, but it’s a blunt instrument attempting to stop increasingly sophisticated threats. Smarter DNS monitoring, analysis and threat intelligence are needed to identify these threats before they begin, and quarantine attacks without taking entire servers offline, disrupting normal service.

Education has fallen behind healthcare, retail and other industries with only 22% of education institutions surveyed prioritising monitoring & analyzing DNS traffic to meet the compliance requirements of data regulations such as GDPR. In addition, with the lowest adoption of network security policy management automation, 8%, education is beginning to fall behind in too many key areas to quickly catch up.

David Williamson, CEO of EfficientIP, commented: “Hackers are always looking for an easy way in, so it is disappointing the education sector is failing to invest in security despite universities and education facilities being a clear priority for hackers.

“When students and professors trust their institutions with sensitive personal information and intellectual property this paints a big target on universities’ backs and makes them responsible for safeguarding it.

“We live in an era of governments declaring a state of emergency and officially involving themselves with cyberattacks on schools. Reaching this point means the education sector’s problems are escalating. Education organisations need to be more proactive, fully embracing DNS security. Otherwise, application downtime and the loss of sensitive and confidential data will keep damaging their reputations, alienating prospective students.”