Individual education providers are estimated to have experienced an average of 1,739 cyber-attacks every week.
Last year the average cost of a data breach in the education sector was £3.79 million.
As it has in many other industries, the threat profile in education has changed dramatically. With a shift towards virtual classrooms and an increased reliance on technology, the education sector has become an obvious target for cybercriminals.
In an industry with many individuals’ personal data at stake, spotting the first signs of an attack and preventing hackers taking over is vital. Here we discuss how ransomware operates in the industry and what preventative measures can be taken.
What is ransomware?
Ransomware is a software that specialises in extortion. It takes over your device, blocks you from accessing your data and demands a ransom for its release. Common infection vectors include email and SMS phishing scams and exploitation of the Remote Desktop Protocol.
For some paying the ransom may appear to be the cheapest and easiest option. However, nearly 40% of victims who pay the ransom never get their data back and 73% are targeted again in the future.
This kind of malware has been around for a long time but rose to prominence after the 2017 WannaCry outbreak that demanded bitcoin as ransom payment. More than 200,000 computers in 150 countries were targeted with total damages estimated to reach into the hundred millions or even billions.
The threat profile in the education industry
In July 2021, the education sector faced more cyber-attacks than any other industry, and with the continuous introduction of technologies and remote learning, there is no sign of this slowing down.
With so many devices relying on unsecure remote access, institutions across the world opened themselves up to new levels of cyber threats and highlighted themselves as easy targets.
The education sector is constantly battling phishing scams, ransomware, distributed denial of service and data breaches. Upgrading firewalls, securing endpoints and ensuring staff follow best practices are vital first steps in mitigating against these risks.
Ransomware in education
Due to its highly costly and destructive nature, ransomware has become one of the most significant threats to all education providers. The number and severity of attacks has increased year upon year with new threats constantly evolving.
Ransomware commonly targets education institutions through the Remote Desktop Protocol. In simple terms, the RDP is one of the most common methods remote workers use to connect to an organisation’s server. The FBI estimates that as much as 70% to 80% of ransomware gains access this way.
The Jisc 2022 Cyber Impact Report outlines the number of ransomware attacks over the last three years:
- 15 FES and HE organizations in 2020
- 18 universities and FES providers in 2021
- Since March 2021 more than 100 individual schools in the UK have been affected
The growing number of attacks highlights how serious of a threat ransomware poses. Implementing comprehensive cybersecurity protection to combat this should be a priority for any education institution.
What preventative actions can be taken?
- Keep your systems and applications up to date – most attacks succeed because the systems used by companies are not kept up to date, so the attack exploits security vulnerabilities.
- Be cautious with RPD – it is advisable to disable it unless it is strictly necessary.
- Zero-trust stance to combat phishing – if the sender is unknown, recipients should not open attachments or click links.
- Remote backups – lots of types of malware destroy backup copies on systems or devices. To avoid a total loss of data, make backup copies that are saved remotely and cannot be accessed.
- Advanced cybersecurity and protections on all endpoints – ransomware is a threat that is difficult to counter if you don’t have the right protection from the beginning. With advanced cybersecurity solutions, it is possible to deal with the threat, protect all endpoints and monitor the processes in real time to give you peace of mind with your cybersecurity.