Schools are among the prime targets for ransomware attackers due to their lack of strong cybersecurity defences and the goldmine of personal data they hold, a new global survey has found.
The State of Ransomware in Education 2022 survey, conducted by global cybersecurity company Sophos, polled 5,600 IT professionals, including 320 lower education respondents and 410 high education respondents, in mid-sized organisations (100-5,000 employees) across 31 countries.
The survey found that both higher and lower education – are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared to 44% in 2020.
Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors (4%).
“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defences and the goldmine of personal data they hold,” Chester Wisniewski, principal research scientist at Sophos, said.
“Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience.”
Even if a portion of the data is restored, there is no guarantee what data the attackers will return, said Wisniewski.
“And, even then, the damage is already done, further burdening the victimised schools with high recovery costs and sometimes even bankruptcy,” he said.
“Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritise building up anti-ransomware defences to identify and mitigate attacks before encryption is possible.”
Interestingly, education institutions report the highest rate of cyber insurance payout on ransomware claims (100% higher education, 99% lower education). However, as a whole, the sector has one of the lowest rates of cyber insurance coverage against ransomware (78% compared to 83% for other sectors).
"Four out of 10 schools say fewer insurance providers are offering them coverage, while nearly half [49%] report that the level of cybersecurity they need to qualify for coverage has gone up,” Wisniewski said.
“Cyber insurance providers are becoming more selective when it comes to accepting customers, and education organisations need help to meet these higher standards.”
Wisniewski said the fact that many schools have limited budgets means they should work closely with trusted security professionals to ensure that resources are being allocated toward the right solutions that will deliver the best security outcomes and also help meet insurance standards.
In the light of the survey findings, Sophos experts recommend the following best practices for all organisations across all sectors:
- Install and maintain high-quality defences across all points in the environment. Review security controls regularly and make sure they continue to meet the organisation’s needs
- Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
- Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
- Make backups, and practice restoring from them to ensure minimize disruption and recovery time
Skills shortage contributing to cybersecurity woes
Rodger Cook is the general manager of global security services at World Travel Protection, which helps schools identify and mitigate risks associated with all aspects of their physical and protective security requirements.
“During COVID a lot of organisations found themselves in a bidding war to maintain IT skills due to a skills shortage,” Cook said told The Educator.
“The most sought-after IT professionals are those associated with Cyber Security. In North America cybercrime has increased by 55% over the last two years.”
Studies show that prior to the invasion by Russia, Ukraine was the number one IT outsourcing destination for Central and Eastern Europe. In addition to this, companies like Google, Oracle and Samsung use Ukraine as their primary outsourcing destination for Research and Development.
“These resources, for the most part, are no longer available, placing even further strain on available resources,” Cook said.
“Not investing in IT can compromise a school’s [or any other business’] cybersecurity, which can have an expensive ripple effect on the business.”