The State of Ransomware in Education 2022

Findings from an independent, vendor-agnostic survey of 5,600 IT professionals in mid-sized organizations across 31 countries, including 730 respondents from the education sector.

Ransomware attacks on education have increased 56% of lower education organizations and 64% of higher education organizations were hit by ransomware in the last year. This is a considerable increase from the 44% of education respondents that reported an attack in our 2021 survey (based on 499 respondents across lower and higher education).

This jump in the ransomware attack rate was part of a cross-sector trend: across all sectors, 66% of respondents reported being hit by ransomware, up from 37% the year before.

While education has a below-average attack rate, the adversaries’ encryption success rate in this sector is considerably higher than average. Higher education has the highest data encryption rate of all sectors surveyed (74% of attacks resulted in data being encrypted) while lower education is only a little behind at 72%. In comparison, the global average encryption rate comes in at 65%. These findings suggest that the education sector is poorly prepared to defend against a ransomware attack, and likely lacks the layered defenses needed to prevent encryption if an adversary does succeed in penetrating the organization.

The high level of successful ransomware attacks is part of an increasingly challenging broader threat environment that has affected organizations across all sectors: globally, 57% of respondents reported an increase in the volume of cyberattacks on their organization last year, and 59% reported an increase in complexity of attacks and 53% reported an increase in attack impact. Overall, 72% of respondents reported an increase in at least one of these areas.

While respondents in both the lower and higher education sectors were affected by this changing threat environment, education had a below-average percentage of respondents reporting increases in all three areas (volume, complexity, impact).

Optimizing your ransomware defenses is more important than ever. Our five top tips are:

– Ensure high-quality defenses at all points in your environment. Review your security controls and make sure they continue to meet your needs.

– Proactively hunt for threats so you can stop adversaries before they can execute their attack – if you don’t have the time or skills in-house, work with a specialist MDR (managed detection and response) cybersecurity service.

-Harden your environment by searching for and closing security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) is ideal for this purpose.

– Prepare for the worst. Know what to do if a cyber incident occurs and who you need to contact. – Make backups, and practice restoring from them.

Your goal is to get back up and running quickly, with minimal disruption. For detailed information on individual ransomware groups, see the Sophos ransomware threat intelligence center.


Credit: A Sophos Whitepaper. July 20022

#cybercrime #ransomware #preparedness #myredfolder #recovery #education #2022 #education #institutions

Leave a Reply

Your email address will not be published.