Sophos just published the “Sophos State of Ransomware in Education 2021,” which looks at the extent and impact of ransomware attacks on educational institutions worldwide during 2020.
In the wake of headline-grabbing ransomware attacks impacting education, including the REvil ransomware attack on Kaseya that hit schools in New Zealand, and recent alerts from the FBI and the UK’s National Cyber Security Centre warning of spikes in ransomware attacks targeting schools, the research findings confirm the particular vulnerability of educational institutions to this relentless cyberthreat.
The main research findings include:
However, those who paid recovered on average only around two-thirds (68%) of their data, leaving almost a third inaccessible; and just 11% got all their encrypted data back
“The education sector has long been an attractive target for cyber-attackers,” said Chester Wisniewski, a principal research scientist at Sophos. “The budgets for IT and cybersecurity can be very tight, with stretched IT teams battling to protect what is often outdated infrastructure using limited tools and resources, coupled with risky end-user behaviors, such as downloading pirated software.
“All this increases exposure to risk in any year, but in 2020 the pandemic happened, and education establishments had to switch, with short notice, to virtual learning environments, with very little time to think about security or provide basic cybersecurity training for all the new remote users. This significantly increased the sector’s vulnerability and adversaries were quick to seize the opportunity, leaving victims with the huge financial impact of having to rebuild IT infrastructure from scratch.
“To secure the network against ransomware, we advise IT teams to focus resources on three critical areas: building stronger defenses against cyberthreats, introducing security skills training for users, and, where possible, investing in more resilient infrastructure.”
The Sophos State of Ransomware in Education, 2021, the survey polled 5,400 IT decision-makers, including 499 education IT managers, in 30 countries across Europe, the Americas, Asia-Pacific, and Central Asia, the Middle East, and Africa.
The full “Sophos State of Ransomware in Education 2021” paper is available here.
If you’d like to speak to one of our experts about the impact of ransomware on education and what defenders can do to enhance security, or about ransomware in general, please get in touch.
Additional resources
Molly is a versatile and detail-oriented writer with a background in journalism & PR. She is passionate about technology, science, arts, and culture. She delves into extensive research and writing. She is a Published Author
Philanthropic Overhaul; When Generosity is More Than Money
How to Stay Ahead in an Evolving Job Market
Women Suffer the Worst as Conflict Permeates in Rural Sudan
To Use or Not to Use LLMs in Academia?
Why Voice Search Optimization Won’t Replace Search Engine Optimization
Should Your Company Hire a Chief AI Officer? We Spill the Tea on This Tech Trend. ☕️