Custom Search 1

The growing cyber security threat to the UK education sector

THREAT: UK public and education sector face major DNS threats

UK COUNCILS, schools and government offices were among global public sector and education organisations hit badly by DNS attacks last year – with nearly half reporting dealing with the issue cost them hundreds of thousands of pounds.

One example is the UK education network (Janet) which suffered a DDoS attack in April 2016, resulting in students and teachers in the UK being unable to connect to the apps offered by their university for almost 48 hours.

One in five (19%) of public sector sites and 11% of education bodies affected by DNS attacks say sensitive information was stolen, compared to 16% in the UK overall. A fifth (20%) of public sector and 12% of educational victims also think intellectual property data was lost compared to 15% for UK organisations overall, while 10% of schools and colleges affected say they needed to take more than one day to recover.

This is in the context of yearly average costs of DNS security breaches to be now running at £1.7m ($2.2m) for organisations globally, with malware (35%), DDoS (32%), Cache Poisoning (23%), DNS Tunnelling (22%) and Zero-Day Exploits (19%) as the main threats.

The concerning findings come from the 2017 Global DNS Threat Survey Report from EfficientIP. According to the report, 76% of all respondents were subjected to at least one DNS attack in last 12 months, with 28% suffering data theft.

EfficientIP’s CEO, David Williamson, also points out that the imminent (May 2018) arrival of the General Data Protection Regulation (GDPR) should sound loud alarm bells for CIOs and CISOs working in the sectors. “In less than a year, GDPR will come into effect, so organisations really need to start rethinking their security in order to manage today’s threats and save their businesses,” he added.

The Survey examines the technical and behavioural causes for the rise in DNS threats and their potential impacts on businesses across the world. Major issues identified include:

- Lack of awareness as to the variety of attacks
- Failure to adapt security solutions to protect DNS
- Poor responses to vulnerability notifications

“The results once again highlight that despite the evolving threat landscape and the increase in cyber-attacks, organisations across the globe and their IT departments still don’t fully appreciate the consequences of DNS-based attacks,” added David Williamson.

The Voice is celebrating its 35th birthday this year. Share your Voice memories, comments and birthday wishes on social media, using the following hash tag: #Voice35Years

Read every story in our hardcopy newspaper for free by downloading the app.

Facebook Comments