With the end of summer, the “back to school” begins and both families and educational institutions prepare the last details for the start of a new course. After the boost in digitization that the educational sector carried out with the pandemic, now comes the turn of cyber protection for educational institutions, both higher and basic education.

And it is that, as revealed by Sophos, a global leader in next-generation cybersecurity, in its survey on “The State of Ransomware in Education 2022”, educational institutions of higher education and basic education are increasingly being attacked by ransomware, with 60% experiencing attacks in 2021 compared to 44% in 2020. Educational institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover, almost twice the average time for other sectors (4%).

The results of the survey also include:
Educational institutions report the highest propensity to experience business and operational impacts from ransomware attacks compared to other sectors. 97% of higher education and 94% of basic education respondents say the attacks affected their ability to operate, while 96% of higher education and 92% of basic education respondents in the private sector they also report loss of business and income.

Only 2% of educational institutions recovered all their encrypted data after paying a ransom (vs. 4% in 2020); schools, on average, were able to recover 62% of encrypted data after paying ransoms (up from 68% in 2020). Higher education institutions, in particular, report the longest ransomware recovery time: while 40% say it takes at least a month to recover (20% for other sectors), 9% report it takes three to six months.

“Schools are hit hardest by ransomware. They are prime targets for attackers because they generally lack strong cybersecurity defenses and are a goldmine for the personal data they hold ,” says Chester Wisniewski, Scientist Sophos principal investigator.

“Educational institutions are less likely than others to detect attacks in progress, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is likely to be sensitive student records, the impact is far greater than most sectors would experience.

Even if a portion of the data is recovered, there is no guarantee what data the attackers will return, and even then, the damage has already been done, further burdening schools that have been attacked with high recovery costs and, sometimes even bankruptcy. Unfortunately, these attacks are not going to stop, so the only way forward is to prioritize deploying anti-ransomware defenses to identify and mitigate attacks before encryption is possible.”

Interestingly, educational institutions report the highest cyber insurance payout rate on ransomware claims (100% higher education, 99% basic education). However, as a whole, the sector has one of the lowest rates of cybersecurity coverage against ransomware (78% vs. 83% for other sectors).

” Four in 10 schools say fewer insurance providers are offering them coverage , while nearly half (49%) report that the level of cybersecurity they need to achieve coverage has increased,” explains Wisniewski. “Insurance providers are becoming more selective when it comes to accepting clients, and educational institutions need help meeting these higher standards. With limited budgets, schools must work closely with trusted security professionals to ensure that resources are allocated to the right solutions that will deliver the best security outcomes and also help meet insurance standards.”

Based on the survey results, Sophos cybersecurity experts recommend the following best practices for protecting all organizations across all industries:

Install and maintain high-quality defenses at all points in the environment . Review security controls regularly and ensure they continue to meet the needs of the organization

Perform proactive threat hunting to identify and stop adversaries before they can execute attacks. If the IT team lacks the time or skills to do it in-house, outsource to a Managed Detection and Response (MDR) team

Harden the IT environment by finding and closing major security gaps : unpatched devices, unprotected machines, and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose

Prepare for the worst, and have an up-to-date response plan for a worst-case incident scenario. Finally, make backup copies, and practice restoring from them beforehand to ensure that the interruption and recovery time are as little as possible.