Ransomware attacks on educational institutions continue to rise globally, in large part due to the lack of defenses and the wealth of personal data available.

 

recent report – which surveyed 5,600 IT professionals in 31 countries – by British security software and hardware company Sophos, found that 56 percent of K-12 schools and 64 percent of colleges and universities report being hit by an attack in the past year. A considerable increase from the 44 percent of educational institutions overall that reported an attack in a 2021 Sophos survey.

 

These findings, the report noted, suggest that the “education sector is poorly prepared to defend against a ransomware attack, and likely lacks the layered defenses needed to prevent encryption if cybercriminals succeed in penetrating the organization.”

 

In the U.S. cyber experts echo this sentiment explaining that the combination of lagging cyber metrics and the wealth of data have made the education sector low-hanging fruit for cybercriminals.

 

To protect educational institutions and those they serve, the Infrastructure Investment and Jobs Act allocated $1 billion in Federal grants between 2022-2025. States are also required to match a certain percentage of the grants and submit a plan to the Cybersecurity and Infrastructure Security Agency with a statewide planning committee.

 

The Federal government also provides a variety of cybersecurity programs, services, and support for schools, including incident response assistance, network monitoring tools, and cyber-safety guidance for parents and students – via CISA, the Department of Education’s Office of Safe and Secure Schools, and the Federal Bureau of Investigation.

 

However, even as more educational institutions continue to be targeted, the report found the schools have gotten better at dealing with the aftermath of an attack.

 

“Almost all K-12 schools (99 percent) and higher education organizations (98 percent) hit by ransomware and that had data encrypted got some encrypted data back,” the report noted.

 

Backups are the number one method used to restore data; 73 percent of schools globally used this method. In addition, the report found that 46 percent of schools globally paid the ransom and 30 percent used other means to restore their data.

 

“These numbers demonstrate that educational organizations have a high propensity to use multiple restorations approaches in parallel to maximize the speed and efficacy with which they

can get back up and running,” the report noted.