Universities get a failing grade responding to cyber threats
senior solutions architect, EfficientIP
Many higher education institutions are struggling to make the grade when it comes to cyber security standards.
A recent global survey report revealed that the higher education sector ranks as one of the worst at handling potential cyber threats, in particular at the Domain Name System (DNS) level, which serves as the gateway into any organization. Almost three-quarters (73%) of these organizations took three days or more to apply a patch after a notification, and the average cost for a DNS-based attack was close to $690,000. The report also revealed that in the last year, 32 percent of educational institutions suffered a compromised website and 38 percent experienced cloud service downtime. This is despite the fact that 91 percent of academic institutions claim to use firewall security systems to protect their network. It doesn’t end there. Once inside, threats have the ability to disrupt service or exfiltrate data. According to the survey, 21 percent of campuses lost intellectual property.
DNS-based threats targeted at academia are increasingly popular with hackers. 41 percent of educational institutions were affected by DNS malware last year, up from 25 percent the previous year. Recent news stories echo the prevalence, such as the nine Iranian hackers charged with one of the largest ever hacking campaigns that targeted over $3 billion of intellectual property at more than 300 universities.
Cyber criminals seem to be drawn to academic institutions for three main reasons: their networks remain open by nature, they deal with a large amount of sensitive data, and they are populated by carefree students toting multiple unsecured connected devices.
So, now universities have embarked on their school year. New students, teachers, staff and visitors have stepped onto campuses with multiple IP-enabled devices and therefore multiple opportunities for exposure. Unfortunately, these devices can be a threat to the very IT networks that support them.
The lack of DNS security is at the core of the problem. Traditional blanket security systems and firewalls are not enough to protect the DNS protocol; DNS security must be a key component of any organization’s network security strategy. But as the research points out, when it comes to higher education facilities, it clearly isn’t.
So, what can organizations do to protect themselves from attacks?
Institutions need to ensure that they have a complete view and contingency plan across the entire network. Additionally, they need to consider fast risk mitigation with the right network tools to prevent and detect DNS attacks. This requires going above and beyond standard protection, with a network shield that scrutinizes every DNS query for issues like phishing, DNS tunneling and DDoS attacks. This can only be achieved when the institution’s network security is competent enough to understand the queries’ context and analyze each separately. Not only does this reduce the chances of a DNS threat entering the system, it also pinpoints the slightest erratic behavior as it occurs. Legacy security solutions unable to distinguish and analyze traffic are no longer sufficient to face new complex cyber threats.
Real-time, context-aware analysis for threat detection provides the ability to see hazards, and helps in the prevention of data theft while aiding compliance with the General Data Protection Regulation (GDPR) and US CLOUD Act. Hardening security for cloud or next generation datacenters, with a purpose-built DNS security solution, overcomes some of the limitations of solutions from cloud providers, as it protects the network from the inside. This will ensure continued access to cloud services and apps, protecting against exfiltration of cloud-stored data.
It’s paramount that universities review how they identify, analyze and block DNS-based threats – otherwise, they will remain vulnerable and a potential target. Campuses are hosting everything from laptops to smartphones, which makes it difficult for IT departments to assume those devices are secure. In the case of a network attack, a plethora of IoT devices can make it difficult to locate the source of the threat and respond instantly with the right countermeasures. Being able to quickly recognize and investigate the attack, and tying all the access controls to a centralized authority management system, are critical.
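The per-client query analysis and source attribution discussed above can be illustrated with a short added example (written for this article, not EfficientIP's product or method): it groups DNS queries by source client and parent domain and flags a client only when it sends many distinct, high-entropy subdomains to one domain, a common DNS tunneling heuristic. The log format, thresholds, addresses and the naive two-label parent-domain rule are assumptions, and the sample log is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log, one "<client_ip> <qname>" per line (not real traffic).
LABEL = "a7k2m9q4x1b8n3r6t0z5"  # constructed random-looking label
SAMPLE_LOG = "\n".join(
    [f"10.20.1.15 {h}.example.edu"
     for h in ("www", "mail", "library", "portal", "vpn", "lms")]
    + [f"10.20.1.15 {LABEL}.cdn.example.org"]  # one odd name is not a pattern
    + [f"10.20.7.88 {LABEL[i:] + LABEL[:i]}.example.net"
       for i in range(0, 18, 3)]
)

def shannon_entropy(s):
    """Bits per character of the string s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def base_domain(qname):
    # Assumption: naive "last two labels"; real code should use the
    # Public Suffix List to find the registered domain.
    return ".".join(qname.split(".")[-2:])

def find_tunnel_suspects(log_text, min_unique=5, min_entropy=3.5):
    """Return (client, domain, unique_subdomains, mean_entropy) tuples."""
    seen = defaultdict(set)  # (client, parent domain) -> unique subdomains
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts[0], parts[1].rstrip(".").lower()
        base = base_domain(qname)
        sub = qname[: -len(base)].rstrip(".")
        if sub:
            seen[(client, base)].add(sub)
    suspects = []
    for (client, base), subs in sorted(seen.items()):
        mean_h = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        # Context matters: volume alone or one random-looking name is not enough.
        if len(subs) >= min_unique and mean_h >= min_entropy:
            suspects.append((client, base, len(subs), round(mean_h, 2)))
    return suspects

if __name__ == "__main__":
    for row in find_tunnel_suspects(SAMPLE_LOG):
        print(row)
```

The first client queries six different hostnames and one random-looking CDN name without being flagged; only the second client, which combines volume and entropy against a single parent domain, is reported along with its address.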
The higher education sector currently ranks as one of the most vulnerable in terms of dealing with cyberattacks. With the number of DNS-based attacks and their cost both on the rise, the education sector will benefit from purpose-built solutions that provide context, close the loopholes through which malware and threats enter, and offer adaptive countermeasures to help guarantee availability of apps and services on and off campus. This way schools can ensure that the first day of school isn’t the last.
[Editor’s Note: Check out Dennis’ other article, “Why universities need to prioritize network management.”]