In 2022, the education sector saw more ransomware attacks than any other sector, according to recent data from a top global cybersecurity firm.
According to Sophos’ State of Ransomware in Education 2023 report, 80% of K–12 schools reported being targeted by ransomware attacks, an alarming increase from 56% in 2021. With nearly half (47%) of schools paying the ransom, the education sector also had one of the highest rates of ransom payments.
However, paying the ransom greatly increased the cost of recovery. For schools, the average recovery expenses (excluding any ransom payments) were $2.18 million when the ransom was paid versus $1.37 million when it wasn’t.
“K–12 schools hold a plethora of valuable data such as student addresses, parent emails, and bank account details and are therefore becoming increasingly targeted,” said Aaron Bugal, Field CTO APJ at Sophos, as reported by The Educator.
Additionally, schools will need to secure thousands of scattered endpoints, many of which belong to students and even teachers who are not familiar with cybersecurity.
According to Bugal, this creates a “dream attack surface” for cybercriminals: if staff and students aren’t educated on how to spot threats and be cyber-aware, it takes only one weak link for hackers to gain access to the entire school system’s data.
What can principals do to counter this threat, then?
Maintaining a successful educational ecosystem requires staying ahead of cybercriminals, according to Bugal.
“To achieve a successful security outcome, schools must concentrate on cybersecurity education and implement the appropriate processes and technical controls.”
Since the volume and complexity of cyber threats are only going to increase, according to Bugal, most schools shouldn’t be attempting to handle cybersecurity on their own.
Instead, he advised that they think about paying for cybersecurity as a service to guarantee that their institution is secure at all times. By leaving cybersecurity to qualified professionals, principals are free to focus on what they do best, which is to educate.
According to Bugal, part of this should be regularly reminding parents, teachers, and students about the risks associated with online learning and educating them on how to be cyber-aware.
Cyber-savvy faculty and students understand how to spot phishing scams, use multifactor authentication, and avoid clicking on dubious links, which lowers the risk factor for schools.