In terms of number of attacks and amount of damage incurred, IT teams in educational institutions had their hands tied.

The education sector is one of the most popular targets for hackers worldwide. Since the start of the pandemic, schools around the world have had to implement Home-Based Learning (HBL) urgently, putting up with numerous teething problems in equipment logistics and security issues.

With students and teachers across the world having to access online resources daily for remote-learning, this is a potential huge pool of sitting ducks for cybersecurity predators. 

In a recent Jan – Feb 2021 global report on the state of ransomware in 2020 by Sophos, involving surveys of 5,400 IT decision makers across 30 countries, and including 499 education decision makers:

  • Education, together with retail, faced the highest level of ransomware attacks during 2020, with 44% of organizations hit (compared to 37% across all industry sectors covered by the study).
  • For educational institutions, the financial impact of a ransomware attack in 2020 was on average, US$2.73m: the highest across all sectors surveyed, and 48% above the global average. This involved the total cost of downtime; people time; device cost; network cost; lost opportunity; ransom paid and other costs.
  • 58% of the education organizations hit by ransomware said the attackers had succeeded in encrypting their data.
  • 35% of those with encrypted data gave in to the attackers’ demands and paid the ransom. Only the energy, oil/gas and utilities (43%), and local government (42%) sectors were more likely to pay.
  • The average ransom payment was US$112,435 (lower than the global average of US$170,404). Those that paid recovered on average only around 68% of their data, leaving almost a third inaccessible; and 11% got all their encrypted data back.
  • Of those institutions that were not hit with ransomware last year (55% of respondents), 61% expect to be targeted in the future. The main reasons given for this were that cyberattacks are now so sophisticated (46%) and prevalent (42%).

The firm’s principal research scientist, Chester Wisniewski noted that the education sector has long been an attractive target for cyber-attackers. “The budgets for IT and cybersecurity can be very tight, with stretched IT teams battling to protect what is often outdated infrastructure using limited tools and resources, coupled with risky end user behavior. All this increases exposure to risk in any year, but in 2020 the pandemic happened, and education establishments had to switch, with short notice, to virtual learning environments, with very little time to think about security or provide basic cybersecurity training for all the newly remote users. This significantly increased the sector’s vulnerability and adversaries were quick to seize the opportunity, leaving victims with the huge financial impact of having to rebuild IT infrastructure from scratch.”

The firm wishes to remind IT teams in educational institutions to focus resources on three critical areas: building stronger defenses against cyber threats; introducing security skills training for users; and where possible, investing in more resilient infrastructure.