Education is currently the biggest target for ransomware attacks, preceding the government, healthcare, energy/utilities, retail, and finance industries, according to Dark Reading in number of ransomware attacks.
And in the “2017 Cost of Data Breach Study” by Ponemon, the average cost to recover each record from a ransomware attack on education in the U.S. is $245 – $45 more than the global education industry average to recover a student or an educator record reports THE Journal.
We break down the reasons behind this threatening trend, and provide tips for securing your school or district from future attacks.
In recent years, the number of large-scale ransomware attacks has grown. For example, most people have heard of a few such as WannaCry and NotPetya.
And the education industry is no safer than anything else. In fact, it falls behind other industries particularly in regards to the time it takes to respond to attacks. And when it comes to these attacks, time is critical. THE Journal reports, “On average, worldwide, education takes 221 days for the first part of the work [identifying breaches] and 83 days for the second part [containing them]. As a comparison, financial takes only 155 days to identify a potential breach and 34 days to respond and contain it.” The longer it takes to contain, the more expensive it will become.
With slow response times, education is a main target.
The BitSight ransomware survey attributes this to, “smaller IT teams, budgetary constraints, and a high rate of file sharing activity on their networks.” A large percentage of breaches occur in higher education institutions. But the smaller IT teams and budgetary constraints are definitely present in the K-12 space.
There is an interactive K-12 Cyber Incident Map that shows all reported cyber security incidents in education across the U.S. from 2016 to the present day. “For the period January 1, 2016 to August 17, 2017, U.S. K-12 public schools and districts were reported to have experienced at least 199 separate cyber security-related incidents resulting in the disclosure of personal information, the loss of taxpayer dollars, and the loss of instructional time.”
By the time this blog post is published, that number of 199 incidents will have grown. Clicking around on the map, various incidents include phishing, data breaches, hackers, and more.
How many cyber incidents have been reported in your state?
Employee awareness is critical in preventing many security incidents. The “2016 State of Privacy and Security Awareness” report reveals, “88 percent of employees in all industries lack the awareness to stop preventable privacy and security incidents.”
The survey also breaks down the state of awareness per industry. Here is what they found out about education:
The top four highest risk areas for educators are:
The full infographic is available here.
The education industry can take steps now to help prevent a breach in the future. eSchool News suggests taking the following proactive measures:
Constant vigilance is necessary to protect any industry from an attack. Add extra layers of security through cyber solutions and ensure educators in your school or district remain aware of how to recognize and avoid threats.
Unfortunately, students are also included as targets for cyber attacks and ransomware threats. Students may unwittingly click on a phishing email or web link from a school-issued device and it could take down an entire school network. Or students may share USBs or bring them back and forth from home and end up with an infected computer.
Educators can keep students safe with any (or all) of these helpful tips.
If you’d like to safely connect your students outside the classroom, let us know about your program and we can help protect your students.
However you decide to protect your network from ransomware and cyber attacks, remember awareness is crucial, for both educators and students.