Key points:
Ransomware attacks continue to wreak havoc on the education sector, affecting 80 per cent of lower education providers and 79 per cent of higher education providers this year. That's a significant increase from 56 percent and 64 percent in 2022, respectively.
As “targeted by the cyber-rich and cyber-poor” institutions, schools store massive amounts of sensitive data, from intellectual property to personal information of students and teachers. Outdated software, limited IT resources, and other security weaknesses further increase your risk exposure. In a ransomware attack, adversaries exploit these vulnerabilities to infiltrate a victim's network and encrypt their data, holding it hostage. After encryption, the criminals demand payment of a ransom in exchange for the decryption key needed to recover your files.
But the ramifications of ransomware extend beyond the risk of data exposure and recovery costs; Attacks can also cause downtime that disrupts learning for students. The impact of ransomware has become so severe that the Biden Administration has even committed to providing ongoing assistance and resources to help schools strengthen their cyber defenses.
So while ransomware in the education sector is not a new phenomenon, the stakes are high. And since both higher and lower education institutions report the higher attack rates Among all industries surveyed in a recent study, the need for greater defense preparedness in the education sector has never been more evident.
Three ransomware trends that will disrupt classrooms in 2023
Cybercriminals have refined the ransomware-as-a-service (RaaS) model in recent years, allowing adversaries to specialize in different attack stages. Amid the current rise of ransomware, education IT and security leaders must remain aware of the evolving threat landscape in order to effectively safeguard their networks and systems.
Here are some trends The state of ransomware in education 2023 report that demands attention now:
1. Adversaries are taking advantage of compromised credentials and exploited vulnerabilities. More than three-quarters (77 percent) of attacks against higher education institutions and 65 percent against early education institutions this year originated from compromised credentials and exploited security flaws in software.
Although the root causes of attacks are similar in other industries, educators experienced significantly more attacks originating from compromised credentials. The industry's lack of adoption of multi-factor authentication (MFA) technology, a critical tool for preventing these types of attacks, likely plays a role in this trend.
2. Educational institutions lag behind other industries when it comes to data backups. Using data backups is critical to recovering encrypted data and reducing downtime in the event of an attack. Still, only 63 percent of higher education organizations use backups, which is below the cross-industry average of 70 percent. Lower education institutions perform slightly better in this area, with 73 percent of organizations standing behind their data.
However, the use of backups to recover encrypted data has decreased over the past year, a worrying trend given the high rate of ransomware attacks against the sector.
3. Educators are paying ransoms. But should they? Education had one of the highest rates of ransom payments of all industries, with 56 percent of higher education institutions and 47 percent of lower education institutions paying the ransom in attacks in 2023. The provision of educators to pay the ransom is often due to factors such as critical nature. of its operations and the potential impact of data exposure on staff and students.
But paying the ransom is a risky and often expensive move because there is no way to guarantee that adversaries will provide the decryption key. Even if they do, victims may need to spend a lot of time and resources recovering data. In fact, paying the ransom actually increased recovery costs. and longer recovery times for victims this year.
Empowering Educators: How to Defend Against Ransomware Attacks
Factors such as resource limitations can make it difficult to maintain comprehensive and up-to-date cybersecurity measures. But with an understanding of optimal incident response protocols and adversary tools, techniques and procedures (TTPs), you can prioritize practices and investments that strengthen your institution's defenses against ransomware.
- Explore CISA Guidelines and Toolkits for recommendations and best practices when it comes to sharing information, maintaining defenses with limited resources, and more.
- Maintain adequate cybersecurity hygiene through routine patches and periodic reviews of security tool configurations. Don't be afraid to turn to an outside expert to help you evaluate the effectiveness of your defenses.
- Defense against common attack vectors with tools like MFA and zero-trust network access to prevent exploitation of compromised credentials.
- Employ managed detection and response (MDR) services to improve your security with 24-hour threat monitoring.
- Leverage adaptive technologies that automatically respond to attacks to gain response time.
- Prepare for the worst by regularly backing up your data and maintaining an incident response plan that reflects the current threat landscape.
- Sensitize staff about the dangers of ransomware and best practices they can follow to mitigate the risk.
Cyber attacks are inevitable and ransomware is a common form of attack in the education sector. But you're not helpless: you have the ability to exert control over your institution's digital readiness.
By adhering to cybersecurity best practices, implementing tools that defend against emerging threats, and outsourcing services when necessary, you can equip your institution to respond to potential threats in an effective and timely manner.
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=();t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)(0);
s.parentNode.insertBefore(t,s)}(window, document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘6079750752134785’);
fbq(‘track’, ‘PageView’);
