A new report published by the cyber security company Sophos found that most educational institutions — Primary schools, secondary schools and colleges — are increasingly affected by ransomware, with 60% of institutions attacked in 2021 compared to 44% in 2020.
"Educational institutions are among the institutions most vulnerable to the evils of ransomware."
Chester Wisniewski, Sophos’ chief research scientist.
The report reveals that educational institutions suffered from the highest rate of data encryption (73%) compared to other sectors (65%), as well as the longest recovery time, with 7% needing at least three months to recover their data - almost double the average time in the other sectors(4%).
The report also shows that the attacks achieved their goals, with 94% of respondents in elementary and high schools testifying that the attacks affected their ability to operate, while 96% of respondents in higher education institutions and 92% of respondents in elementary and secondary schools in the private sector also reported loss of business and income.
Vulnerability of schools to cyberattacks
"Educational institutions are among the institutions most vulnerable to the evils of ransomware. They serve as prime targets for attackers because of their overall lack of strong cybersecurity measures, and their gold mine of personal data," said Chester Wisniewski, Sophos’ chief research scientist.
"Unfortunately, these attacks won’t stop, so the only solution is to prioritize building anti-ransomware defenses to detect and prevent attacks before encryption becomes possible. Four out of ten schools say they receive fewer offers from insurance providers while nearly half (49%) say that they’re being required to increase their level of cyber security in order to be insured," Vishnevsky added.
“Cyber insurance providers are becoming more selective when it comes to accepting clients, and educational institutions need help meeting these high standards."
He concluded that with limited budgets, educators need to work closely with trusted cyber security professionals to ensure that funds are provided for the right solutions, which will give the best security results and also help to meet the standards of insurance providers.