In the wake of the pandemic, the education sector saw one of the most dramatic digital transformations as schools and universities worldwide were forced to move overnight to remote learning. This resulted in a growing cybersecurity footprint seized by attackers, especially targeting the Domain Name System (DNS) which plays a crucial role in routing internal and external traffic. While almost all organizations have been vulnerable, K-12 schools have been shown to be particularly at risk.

Entering 2021, schools began to adopt hybrid learning systems incorporating remote e-learning and in-school learning, making resiliency of DNS and Dynamic Host Configuration Protocol (DHCP) services vital for students and staff to connect to the network and access applications. Unless institutions prepare and work to strengthen their DNS security, remote learning environments will remain at risk from attackers, meaning private information and productivity will be seriously threatened.

DNS Attacks 

According the the 2021 Global DNS Threat Report, published by International Data Corp., the education sector remains highly vulnerable to these attacks. Of all the organizations surveyed, 76% were victims of DNS attacks, and they reported suffering six attacks on average. The overall average cost per attack was $851,000.

DNS attacks threaten the education sector in several major ways, including the following.

  • Financial, reputation, and productivity loss — A successful DNS attack can result in significant financial impacts for universities and permanently damage their reputation (41% experienced a compromised website). DNS attacks caused app downtime for 51% of organizations, and cloud service downtime for 35% of them.
  • Data theft — Cybercriminals may attempt to access sensitive student and staff data, including names and addresses, in order to sell it to a third party. The report showed that one in four organizations were victims of data theft via DNS.
  • IP theft and espionage — This is especially the case for research institutions developing new solutions in the fields of computer science as well as medical or natural sciences.
  • Ransomware — Attackers may also try to disrupt or halt traffic on a university’s network in order to hurt productivity or to extort money from the university.

Phishing Attacks and Ransomware

The survey data demonstrates that organizations in the education sector were susceptible to a variety of DNS attacks. Phishing was the most reported attack type, with 34% of education institutions having experienced phishing. Similarly, distributed denial of service (DDoS) attacks, which may cause widespread disruption of an organization‘s network, were a common occurrence as well (17%).

Education is particularly vulnerable to both DNS attacks and data theft. The size of possible data breaches can be seen in the attack on the Baltimore School District in late 2020. The Baltimore County’s school system was shut down by a ransomware attack that hit all of its network systems and closed schools for several days for about 111,000 students. It wasn’t until weeks later that school officials could finally regain access to vital files they feared were lost, including student transcripts, recorded grades, and special education program records.


Unfortunately, many countermeasures being taken to mitigate the impact of DNS attacks are not suitable: 49% shut down the DNS server, 37% shut down part of the network infrastructure, and 37% disabled affected applications. These measures may stop an attack in process, but they are harsh and can have a serious effect on output as well as on the general learning experience — especially if students cannot access e-learning tools by logging into the network remotely. On average, it took educational institutions the longest time to mitigate an attack (7.6 hours). Therefore, universities and schools would benefit from a purpose-built DNS security solution offering adaptive countermeasures that keep services running while an attack is being mitigated.

Fortunately, DNS is ideally placed to be the first line of defense as it has unique early visibility over most traffic. Numerous effective steps strengthen security measures and help mitigate DNS attacks once they occur, as outlined below.

  • IT Hygiene — IT departments in the education sector should implement internal threat intelligence to protect data and services. Using real-time DNS analytics helps detect and thwart even advanced attacks and is particularly necessary for catching data exfiltration via DNS, which traditional security components, such as firewalls, are unable to detect. This is why 35% of organizations see monitoring and analysis of DNS traffic as their top priority for preventing data theft, compared to securing endpoints (22%) or adding more firewalls (23%).
  • Automation — According to the survey, less than half of education institutions have implemented automation of network security policy management.
  • “Zero-trust” strategies — Education organizations should also rely more on zero-trust strategies, strengthening verification before granting access to resources.

On top of the huge uptake of bring your own device (BYOD) and cloud, COVID-19 has had a dramatic impact on education networks, and as organizations continue with hybrid systems a secure digital infrastructure is more important than ever. School districts and universities need to ensure their data and privacy are protected, so DNS security has become a critical component of their new digital education reality. 

This article was contributed by EfficientIP.