Education sector bullied by ransomware and can barely defend itself, report
Report finds education sector prime target for ransomware attacks
As ransomware activity has continued to increase across every industry over the last year, BitSight researchers found the education sector has been bullied by the highest rates of attack while having the least protected systems among the sectors researchers observed.
The firm's “The Rising Face of Cyber Crime: Ransomware” report found that the education sector has experienced the highest rates of attacks with 13 percent experiencing attacks of the 2,100 educational institutions queried, this was more than three times the rate found in healthcare and 10 times the rate of Finance.
Researchers also found that one in ten of the education organizations have been impacted by Nymaim variant.
The access that these institutions have to social security numbers, medical records, intellectual property, research, and financial data of faculty, staff, and students make them prime targets for attacks, the report said.
To make matters worse, the education sector ranked last among all of the industries tested in terms of cyber security performance. This might be attributed to smaller IT teams, budgetary constraints, and a high rate of file sharing activity on their networks, researchers said.
To address these issues researchers recommend institutions establish email security protocols, monitor key third parties, track security ratings, and avoid peer-to-peer file sharing on networks.
Unfortunately it doesn't look like things will improve across the industry as a whole, BitSight Technologies Senior Data Scientist Jay Jacobs told SCMagazine.com via emailed comments.
“While there are some institutions that have made great strides, and their security is comparable to even good private organizations, many institutions have a long, tough road to improve their security overall,” Jacobs said. “There is a fundamental challenge within educational institutions to support whatever device students and faculty bring in since the goal is learning and open collaboration.”
The educational sector's culture of openness is often at odds with traditional security control, Jacobs added.
Ransomware for hackers has proven to be very effective at generating profits for hackers and the open access necessary for an educational environment can present a huge vulnerability for students and faculty, Plixer CEO Michael Patterson told SCMagazine.com via emailed comments.
“This invites hackers to target a huge student and faculty population that can be quite vulnerable,” Patterson said. “Many ransomware attacks start with a simple phishing lure to encourage students to click on a url, malware document or website and in a flash their documents or even their hardware is locked up and held for ransom.”