Education institutions, in both higher and lower education, are increasingly being hit with ransomware, with 60 percent suffering attacks in 2021 compared to 44 percent in 2020, a survey by Sophos, a global cybersecurity company, reveals.

The survey, titled ‘The State of Ransomware in Education 2022’, polled 5,600 IT professionals, including 320 lower education respondents and 410 higher education respondents, in mid-sized organizations (100-5,000 employees) across 31 countries.

Education institutions faced the highest data encryption rate, at 73 percent compared to 65 percent in other sectors, and the longest recovery time: seven percent took at least three months to recover, almost double the four percent average for other sectors.

“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defences and the goldmine of personal data they hold,” Chester Wisniewski, a principal research scientist at Sophos, said.

According to the survey, education institutions report the highest propensity to experience operational and commercial impacts from ransomware attacks compared to other sectors.

97 percent of higher education and 94 percent of lower education respondents say attacks impacted their ability to operate, while 96 percent of higher education and 92 percent of lower education respondents in the private sector further report business and revenue loss.

Also, only two percent of education institutions recovered all of their encrypted data after paying a ransom, down from four percent in 2020. Schools, on average, were able to recover 62 percent of encrypted data after paying ransoms, down from 68 percent in 2020.

Higher education institutions, in particular, report the longest ransomware recovery time. While 40 percent say it takes at least one month to recover (20 percent for other sectors), nine percent report it takes three to six months.

“Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience.

“Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimized schools with high recovery costs and sometimes even bankruptcy,” Wisniewski said.

Also, education institutions report the highest rate of cyber insurance payout on ransomware claims (100 percent higher education, 99 percent lower education).

However, as a whole, the sector has one of the lowest rates of cyber insurance coverage against ransomware, 78 percent compared to 83 percent for other sectors.

“Four out of 10 schools say fewer insurance providers are offering them coverage, while nearly half (49 percent) report that the level of cybersecurity they need to qualify for coverage has gone up,” Wisniewski said.

The survey further stated that these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible.

While cyber insurance providers are becoming more selective when it comes to accepting customers, education organizations need help to meet these higher standards.

“With limited budgets, schools should work closely with trusted security professionals to ensure that resources are being allocated toward the right solutions that will deliver the best security outcomes and also help meet insurance standards,” Wisniewski said.

In light of the survey findings, Sophos experts recommend the following best practices for organizations across all sectors, starting with installing and maintaining high-quality defenses across all points in the environment.

Review security controls regularly and ensure they continue to meet the organization’s needs.

Proactively hunt for threats to identify and stop adversaries before they can execute attacks. If the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team. Also harden the IT environment by searching for and closing key security gaps.

These include unpatched devices, unprotected machines, and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.

Prepare for the worst, and have an updated plan in place for a worst-case incident scenario. Make backups, and practice restoring from them to ensure minimal disruption and recovery time.