Education has a much higher rate of ransomware attacks than other industries, according to a recent report that analyzes how different sectors are managing the security challenges these attacks pose.
The rate of new ransomware attacks has jumped in recent years, as numerous industries, including higher education, fall victim to the attacks and struggle to fight them off, according to the report.
Thirteen percent of the higher education sector has been infected with ransomware, according to The Rising Face of Cyber Crime: Ransomware, a BitSight Insight Report.
In fact, advanced strains of ransomware encrypt data on an organization’s network or lock users out of their devices. Hackers then demand a ransom, usually in the form of Bitcoin, before they’ll restore data to normal. Some hackers use “ransomware-as-a-service,” which offers malware-construction kits designed to be easily deployed even with little hacking experience.
U.S. Justice Department estimates show that more than 4,000 ransomware attacks have occurred each day since the beginning of 2016.
In preparation for the report, researchers analyzed cybersecurity measures and ransomware across nearly 20,000 companies in government, healthcare, finance, retail, education, and energy/utilities to identify common forms and pinpoint which industries are most susceptible to the attacks.
The report’s key findings illustrate how ransomware has impacted different industries.
Education has the highest rate of ransomware of all the industries included in the report–three times higher than in healthcare and more than 10 times the rate found in finance.
Academic institutions have low security ratings, possibly due to smaller IT teams or budget constraints and a high rate of file sharing across networks (roughly 58 percent of institutions), according to the report.
Because academic institutions have access to social security numbers, financial data, medical records, and more, they’re a prime target for cyber attacks. The report cites outside research showing that 17 percent of all data breaches occur in higher education institutions.
Though ransomware presents a number of challenges for academic institutions, there are some approaches that have proven successful in meeting common data security challenges:
1. Establish email security protocols. Organizations must train their employees on ways to stay safe on a corporate network and encourage them to report suspicious activity. To reduce spoofing and authenticate the origin of their email communications, IT security teams should also implement email security protocols.
2. Monitor key third parties. Vendor Risk Management teams should identify their key third parties and then continuously monitor them for ransomware infections.
3. Track security ratings. After performing significant system updates, IT security teams should continuously monitor their security ratings and ensure that systems containing sensitive information are not vulnerable to exploits.
4. Avoid peer-to-peer file sharing on networks. IT teams should monitor their network for peer-to-peer file sharing activity and ensure that employees do not illegally download software.