The State of Ransomware in Education 2022
Sophos commissioned research agency Vanson Bourne to conduct an independent, vendor-agnostic survey of 5,600 IT professionals from mid-sized organisations (100- 5,000 employees) across 31 countries.
320 respondents were from lower education i.e., organisations that cater to students below 18 years, including primary, secondary, elementary, high school, and K-12 institutions. 410 respondents were from the higher education sector, encompassing organisations catering to students above 18 years such as colleges and universities. Given the many differences between a small school and a larger university, separating education in this way enables us to gain greater insights into the challenges and experiences faced by different types of education organisations.
The survey was conducted during January and February 2022, and respondents were asked to respond based on their experiences over the previous year.
According to this study, ransomware attacks on the education sector have increased and lower education organisations are being hit the hardest with 56% of lower education organisations being hit by ransomware in the last year.
Back-ups are the #1 method of restoring data and was used by 76% of lower education organisations who had been hit with an attack, however, it is only an option if you are prepared for an attack.
If you are not prepared, paying the ransom may be the only option, but you are still likely to be left with a loss of data as only 2% of organisations got all their data back after paying the ransom with the amount of average data restored being just 62%.
How will ransomware affect you?
The fiscal impact of ransomware on education is huge. The sector made high average ransom payments – 1.97M USD (£1.73M) by lower education and 905K USD (£795K) by higher education organisations. Ransomware also severely impacts operations and business/revenue in the education sector.
94% of lower education and 97% of higher education respondents hit by ransomware said the attack impacted their ability to operate. As well as this, recovery time was also slow, lower education reported that 40% of organisations hit by ransomware took up to a week to recover from the most significant attack.
The education sector also has a low rate of cyber insurance in place. Only 78% of lower and higher education organisations have coverage.
Optimising your ransomware defences is more important than ever. Our five top tips are:
- Ensure high-quality defences at all points in your environment. Review your security controls and make sure they continue to meet your needs.
- Proactively hunt for threats so you can stop adversaries before they can execute their attack – if you don’t have the time or skills in-house, work with a specialist MDR (managed detection and response) cybersecurity service.
- Harden your environment by searching for and closing down security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) is ideal for this purpose.
- Prepare for the worst. Know what to do if a cyber incident occurs and who you need to contact.
- Make backups, and practice restoring from them. Your goal is to get back up and running quickly, with minimal disruption.