ransomware is

(Photo by Stefani Reynolds / AFP)

Are educational institutions an easy target for ransomware attacks?

Ransomware has been wreaking havoc all across the world for years. A type of malware, ransomware attacks today target almost every industry. From financial services to healthcare, when an organization becomes a ransomware victim, the damage brought about is not only financially destructive but enough to see the business lose everything.

Some of the biggest ransomware attacks this year have targeted the manufacturing and IT industry, leaking credentials and such until the ransom is paid. While these industries continue to find ways to deal with ransomware attacks, a new study by Sophos showed that educational institutions are also being heavily targeted.

For educational institutions more precisely, the newly released survey report titled, The State of Ransomware in Education 2022, revealed that both higher and lower education are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared to 44% in 2020.

It also noted that education institutions had the longest recovery times (7% took at least three months), almost twice as long as other sectors’ average recovery times (4%), and the highest data encryption rates (73%) compared to other sectors (65%).

The findings come from an independent and vendor-agnostic survey of 5,600 IT professionals working in mid-sized organizations in 31 countries, including 730 respondents from the education sector.

Are educational institutions an easy target?

Education institutions are among the organizations that are being hit the hardest by ransomware, and Chester Wisniewski, the principal research scientist at Sophos, claims that this is due to the schools’ overall weak cybersecurity defenses and the goldmine of personal data they hold.

“Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimized schools with high recovery costs and sometimes even bankruptcy,” explained Wisniewski.

The critical information they possess, like learning data that is supplemented with background data, provides information on how well students are learning, what variables are linked to achievement, and which groups perform poorly. This distinguishes them from the other numerous organizations targeted by the serious cyber threat. System analysis, better resource allocation, agenda setting, and the policy cycle can all benefit from this information.

Preparing for ransomware attacks 

Schools and higher education institutions are a data goldmine, frequently gathering more private information about their prospective and current students, alumni, and staff members than private businesses do about their clients.

Therefore, it should come as no surprise that educational institutions are prone to vulnerabilities and frequently suffer from significant data breaches as a result of inadequate cybersecurity measures.

Wisniewski added, “Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible.”

In light of the survey results, the experts at Sophos advise the following best practices for all businesses in all industries:

  • Install and prolong top-notch defenses at all points in the environment. Make sure security measures are frequently reviewed and still satisfy the demands of the organization.
  • Harden the IT environment by looking for and addressing critical security vulnerabilities, such as unpatched devices, unprotected machines, and open RDP ports, for example. The best options for this are Extended Detection and Response (XDR) solutions.
  • If the team lacks the time or expertise to carry out this work internally, outsource to a Managed Detection and Response (MDR) team.
  • Have an updated plan in place for a worst-case occurrence scenario and be prepared for the worst.
  • Create backups and practice restoring from them to ensure that downtime and recovery times are kept to a minimum.

While these steps can boost cybersecurity at educational institutions, the reality is that the industry needs to constantly be aware of the importance of securing their data. Ransomware attacks are only going to get more advanced and sophisticated in the years to come. Education institutions must be prepared to deal with them or could end up facing severe consequences.