School Cybersecurity Strategies as Ransomware Attacks Hit 56% of K-12

MS
Miranda Seade
Aug 2, 2022
cybersecurity education ransomware school data Sophos
Share this post

Editor’s Note: In the above video, Sai Huda’s company was incorrectly shown as “CyberCash.” The correct company name is CyberCatch, which is reflected in the write-up below.

Ransomware attacks are one of the biggest threats on the radar to businesses, from healthcare to QSR, especially since the several high-profile attacks in the last year. One of the most at-risk industries is education; primary school and colleges have been heavily impacted by ransomware threats as they often don’t have the infrastructure to stop or prevent attacks. It appears this gap between attacks and appropriate responses is only growing. A recent Sophos report conducted in February 2022 found that attacks are up across all of education, with 56% of K-12 schools and 64% of higher education institutions reporting a breach in 2021. This is up from 44% of the entire sector being affected by a ransomware attack in 2020.

“The reason why [schools] are in the line of sight is because these education institutions normally have vulnerabilities that can be easily exploited,” said Sai Huda, Founder and CEO of CyberCatch. “They have data and they would have a significant impact from a ransomware attack, let alone a data theft.”

If the Sophos report is any indication, the problem is only getting worse and schools need to invest in the right tools to protect themselves from future hacks. Experts explained that most educational institutions don’t make cybersecurity a priority, and attackers have caught on. The Sophos report reflects this; out of all the sectors studied, “education is the sector least able to stop data being encrypted in an attack,” with higher education reporting the highest data encryption rate at 74%. Hackers understand it’s fairly easy to access ransomable information from schools.

“The data is valuable because it is data about the students, about their parents and families, if they are a higher education institution, they may have research data that is of value to the attackers,” Huda said.

Schools therefore need to build the infrastructure and invest in a variety of resources to prevent their data from being leaked. While doing this can be timely and expensive, it’s likely less expensive than the average $1.5 million it cost educational institutions to retrieve ransomed data.

“[Schools should] get security advice from outside experts as there are organizations and individuals that will provide that on a pro-bono basis,” said Dave Cunningham, Senior Case Manager at Alvaka Networks.

Cunningham also mentions that educational organizations need to realize that there are different levels of security measures and they need to make sure they are implementing one that is high-caliber, proactive and responsive.

When a cybersecurity threat does happen to a school, the Sophos report found it takes them longer to address and stop the issue, usually because there aren’t specific staff members on hand that are trained to deal with this issue. This can amount to months on months of data being held hostage; higher education reported the slowest recovery time from a ransomware attack among all studied sectors, according to the Sophos report. It then costs taxpayers millions of dollars to satisfy the demands of the attackers.

While there are insurance companies that offer cyber liability insurance, it’s just now becoming a more popular solution and is not yet widely adopted. Educational institutions are reported to have below-average cyber insurance coverage, clocking in at 78% while the global average rests at 83%.

Hackers have recently taken on a double-extortion attack method where they not only hold sensitive data hostage under threat of public release, but they lock schools out of their systems all together until a ransom is paid, which includes access to admissions, enrollment, and school records.

The pandemic also opened up a lot of doors for hackers, as daily work projects and communications were suddenly conducted online and often done insecurely. Schools in particular were an easy target and collectively suffered a huge financial loss, upwards of $3.5 billion in 2021.

There are many ways that schools can try to protect themselves from cybersecurity attacks, from proper investment in personnel to more advanced network protection. The most important tip is for school and district administrators to proactively, instead of reactively, insulate against cyber breaches and to understand that even if their school wasn’t affected, the ramifications of being unprepared are enough to motivate investment into well-researched solutions.

Cunningham, who works with organizations to help recover ransomed information, advises for investments into immutable ransomware-resistant back-up solutions, multi-factor authentication for all remote and administrative access, and endpoint detection response software to create more oversight over potential or real-time attacks. Even just these basic investments will go a long way, he said.

“We’ve had eight school districts that have gotten attacked by ransomware that we have been part of helping to recover, and we can say in all eight of those school districts, the basic measures that I just listed off are not in place. And these are considered to be the starter measures, the basics that need to be in place,” Cunningham said.

According to Huda, the five main strategies that educational organizations can use in order to prevent data breaches are…

  • Making sure there is an incident response plan
  • Multi-factor authentication for all users
  • Segmenting their networks
  • Making sure backups are offline
  • Instituting control testing in order to ensure all solutions are in place and working effectively

The time to make these investments is now, Huda explained. His own organization conducted a Small and Medium-Sized Businesses Vulnerability Report during Q1 2022, which included schools in the U.S. and Canada, and found that if organizations don’t make necessary changes, they’ll continue to be at risk from sophisticated hackers.

“75% said they would only survive a ransomware attack three to seven days. 55% either don’t have an incident response plan or it’s outdated, stale, and they haven’t tested it in about a year, which is not effective,” Huda said.

Follow us on social media for the latest updates in B2B!

Image

Latest

grocery prices
Grocery Retailers Need to Adopt Adaptive Supply Chain Strategies to Stabilize Rising Grocery Prices
April 26, 2024

As recent reports highlight a cooling in overall inflation rates, the grocery sector tells a different story. Over the past three years, grocery prices have surged by 21%, outpacing the general inflation rate of 18% during the same period. This divergence is particularly pronounced in certain food items, where price increases have reached as […]

Read More
Cybersecurity Challenges in healthcare
Old Systems are Creating Cybersecurity Challenges for Healthcare Orgs
April 26, 2024

Healthcare organizations face significant hurdles in maintaining strong and secure cybersecurity measures as tech evolves. Some of that is due to aging network infrastructures and high costs of essential software, which have created complex cybersecurity challenges. As healthcare continues to rely increasingly on digital solutions for patient care, the stakes for securing these systems […]

Read More
cybersecurity challenges
Healthcare Providers Must Combine Zero Trust Architecture and Threat Modeling to Address Cybersecurity Challenges
April 26, 2024

In today’s increasingly digital world, the healthcare sector faces significant cybersecurity challenges, necessitating urgent and sophisticated responses. The recent draft guidance issued by the FDA on cybersecurity for medical devices highlights a critical juncture for the industry: the need to implement and scale best practices in cybersecurity is more pressing than ever. As healthcare […]

Read More
New Penalties is a Push to Mitigate Cybersecurity Threats in Telecommunications and Healthcare
April 26, 2024

Cybersecurity has emerged as a critical issue in telecommunications and healthcare—two industries intertwined as essential services. With both sectors recognized as critical infrastructure, the consequences of cyber attacks can be far-reaching, impacting everything from individual privacy to national security. While recent regulatory changes are aiming to tighten security protocols, it also raises questions about […]

Read More
Related
Cybersecurity Challenges in healthcare
Software & Technology
Old Systems are Creating Cybersecurity Challenges for Healthcare Orgs
April 26, 2024
Healthcare
New Penalties is a Push to Mitigate Cybersecurity Threats in Telecommunications and Healthcare
April 26, 2024

Cybersecurity has emerged as a critical issue in telecommunications and healthcare—two industries intertwined as essential services. With both sectors recognized as critical infrastructure, the consequences of cyber attacks can be far-reaching, impacting everything from individual privacy to national security. While recent regulatory changes are aiming to tighten security protocols, it also raises questions about […]

Read More
global education
Healthcare
EdTech Companies Revolutionizes Global Education with Flexible and Tailored Learning Solutions
April 26, 2024

TIME magazine recently unveiled its inaugural list of the world’s top edtech companies, spotlighting the transformative role of technology in education. With companies from Singapore, the UK, Brazil, China, and the U.S. making up the Top 10, this announcement comes at a crucial juncture. The pandemic has drastically shifted education delivery, underscoring the […]

Read More