Tuesday, May 20, 2025

Ransomware attacks on education increase globally


As the world returns to face-to-face classes but keeps hybrid and full-online options open, the education sector will continue to encounter crimes on the digital front, a global survey commissioned by cybersecurity firm Sophos reveals.

The independent, vendor-agnostic survey of 5,600 IT professionals in mid-sized organizations (100-5,000 employees) across 31 countries was done by research agency Vanson Bourne, as commissioned by Sophos. The survey was conducted between January and February 2022, and respondents were asked to respond based on their online experiences over the previous year.

The findings reveal that educational institutions—both higher and lower education—are increasingly being hit by ransomware, with 60 percent suffering attacks in 2021 compared to 44 percent in 2020. Education institutions faced the highest data encryption rate (73 percent) compared to other sectors (65 percent), and the longest recovery time, with 7 percent taking at least three months to recover—almost double the average time for other sectors (4 percent).


“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold,” Chester Wisniewski, principal research scientist at Sophos, said.

This trend also applies to the Philippines, where in the same study 69 percent of 150 companies surveyed were hit by some form of ransomware attack. Education institutions report the highest propensity to experience operational and commercial impacts from ransomware attacks compared to other sectors; 97 percent of higher education and 94 percent of lower education respondents say attacks impacted their ability to operate, while 96 percent of higher education and 92 percent of lower education respondents in the private sector further report business and revenue loss.

Why is this?

“Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimized schools with high recovery costs and sometimes even bankruptcy,” Wisniewski explained.

Interestingly, education institutions report the highest rate of cyber insurance payout on ransomware claims (100 percent higher education, 99 percent lower education). However, as a whole, the sector has one of the lowest rates of cyber insurance coverage against ransomware (78 percent compared to 83 percent for other sectors).

After a ransomware attack, only 2 percent of education institutions recovered all of their encrypted data after paying a ransom (down from 4 percent in 2020); schools, on average, were able to recover 62 percent of encrypted data after paying ransoms (down from 68 percent in 2020). Higher education institutions in particular report the longest ransomware recovery time: 40 percent say it takes at least one month to recover (20 percent for other sectors), and 9 percent report it takes three to six months.

Sophos experts primarily recommend the following six best practices for all organizations across all sectors. First, install and maintain high-quality defenses across all points in the environment, review security controls regularly, and make sure they continue to meet the organization’s needs. Second, proactively hunt for threats to identify and stop adversaries before they can execute attacks; if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team. Then, harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose. Fourth, prepare for the worst, and have an updated plan in place for a worst-case incident scenario. Finally, make backups, and practice restoring from them to minimize disruption and recovery time. The rule to follow is that one backup is no backup at all.

“Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible,” Wisniewski shared.
