Education Sector Has Highest Share of Ransomware Victims

The education sector recorded a higher share of ransomware victims than any other in 2022, according to a new report from Sophos.

The security vendor’s report, The State of Ransomware in Education 2023, was compiled from interviews with 400 IT and cybersecurity leaders globally, split evenly across schools and higher education institutions.

It revealed that 79% of higher and 80% of “lower” education institutions were compromised by ransomware over the past year – up from 64% and 56% in 2021, respectively.

Exploits and compromised credentials accounted for 77% of ransomware attacks against higher education organizations and 65% of attacks against lower education organizations, Sophos added. Breaches stemming from compromised credentials (37%/36%) accounted for a much bigger share than the cross-industry average of 29%.

“The lack of adoption of multi-factor authentication (MFA) technology in the education sector makes them even more at risk of this method of compromise,” argued Chester Wisniewski, field CTO, Sophos.

“Like the US federal government’s initiative to mandate all agencies use MFA, it is time for schools of all sizes to employ MFA for faculty, staff and students. It sets a good example and is a simple way to avoid many of these attacks from getting in the door.”

Interestingly, the education sector had one of the highest rates of ransom payment, with over half (56%) of higher education victims and 47% of schools paying up. This may account for why the sector is so frequently targeted by threat actors. Another possible factor is the fact that higher education institutions are less likely to maintain backups than the cross-sector average (63% versus 70%).

“While most schools are not cash-rich, they are very highly visible targets with immediate widespread impact in their communities,” said Wisniewski.

“The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible without regard for cost. Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals.”
