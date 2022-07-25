By Alokananda Chakraborty

Education institutions—including both higher and lower education—are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared to 44% in 2020, according to a report by Sophos, a Britain-based security software and hardware company. The ‘State of Ransomware in Education 2022’ report notes that educational institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover—almost double the average time taken by other sectors (4%).

The ‘State of Ransomware in Education 2022’ survey polled 5,600 IT professionals, including 320 lower education respondents and 410 higher education respondents, in mid-sized organisations (100-5,000 employees) across 31 countries.

Evidently, schools are amongst those being hit the hardest by ransomware. “They’re prime targets for attackers because of their overall lack of strong cybersecurity defences and the goldmine of personal data they hold,” said Chester Wisniewski, principal research scientist at Sophos, in a prepared statement.

The problem is this: Educational institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done.

“Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritise building up anti-ransomware defences to identify and mitigate attacks before encryption is possible,” added Wisniewski.

Another finding shows that only 2% of educational institutions recovered all of their encrypted data after paying a ransom (down from 4% in 2020); schools, on average, were able to recover 62% of encrypted data after paying ransoms (down from 68% in 2020).

So, how must institutions fight this menace? Sophos experts recommend the institutions install and maintain high-quality defences across all points in the environment. They must review security controls regularly and make sure they continue to meet the organisation’s needs. There is also a need to proactively hunt for threats to identify and stop adversaries before they can execute attacks—if the team lacks the time or skills to do this in-house, they must outsource the task to a Managed Detection and Response (MDR) team.

The other suggestion is to harden the IT environment by searching for and closing key security gaps; for instance, unpatched devices, unprotected machines and open RDP ports. Extended Detection and Response (XDR) solutions are ideal for this purpose.

That said, there is no substitute for preparedness. There must be back-ups to minimise disruption and recovery time.

Another interesting finding of the survey is that educational institutions reported the highest rate of cyber insurance payout on ransomware claims (100% higher education, 99% lower education). Paradoxically, the sector as a whole has one of the lowest rates of cyber insurance coverage against ransomware (78% compared to 83% for other sectors).

“Four out of 10 schools say fewer insurance providers are offering them coverage, while nearly half (49%) report that the level of cybersecurity they need to qualify for coverage has gone up,” said Wisniewski.

So, where does the problem lie? Cyber insurance providers are becoming more selective when it comes to accepting customers, and educational organisations need help to meet these higher standards. With limited budgets, schools should work closely with trusted security professionals to ensure that resources are being allocated towards the right solutions that will deliver the best security outcomes and also help meet insurance standards, says the report.

