Expert Viewpoint

Why Object Storage for Backups Can Keep Schools' Data Safer When Ransomware Comes Calling

• By Anthony Cusimano
• 10/21/22

As schools across the country welcomed students back into their classrooms this semester, ransomware groups showed up, as well. In late August, hackers breached the Mansfield, Texas school district with ransomware, disrupting website, phone, and internet access.

A week later, ransomware group Vice Society infiltrated the Los Angeles Unified School District — the second-largest school district in the United States — temporarily taking down their IT services and access to networks and instructional apps, among other things. Though both school districts have recovered, in the weeks since, the rapid rate of successful cyberattacks targeting schools during back-to-school season is concerning and likely a sign of more attacks to come.

Why all this threat-actor attention on education systems? Schools are often seen as lucrative targets due to the personal and sensitive student information that school IT systems store. The plan for ransomware groups is simple: penetrate a school’s cybersecurity defenses, take hold of lucrative data, and hold it for ransom.

Considering that school systems across the country significantly vary in IT budgets and subsequent cybersecurity budgets, it’s reasonable to conclude that for schools, suffering a cyberattack is not a question of if, but when. Attack rates are only increasing, and ransomware groups are multiplying.

In the face of a growing attack front, how can schools truly protect their sensitive student data and avoid paying costly ransom in hopes of data being recovered?

Quality over Quantity

The best-case scenario when defending against ransomware is stopping the attack from hitting the production environment before it happens, but that’s not always possible. While measures are evolving to ensure core security components such as monitoring network traffic, deploying strict permission guidelines, and rolling out multi-factor authentication to confirm identities are implemented, it’s clear that they don’t always stack up against attackers’ increasingly sophisticated methodologies. We’ve seen time and again that as cybersecurity tactics advance, so do the tactics of bad actors. Unfortunately, no amount of security is foolproof.

Instead of “adding extra fences” that hackers could potentially get around, schools are better off ensuring data is recoverable no matter the circumstance. This helps to stop forcing ransom payments and alleviates the long list of security tools a school’s already-strapped IT and security team has to worry about.

Simply put, it is easier to defend the known than the unknown – and the known, in this case, is sensitive student data. This is why schools need to invest in the right tools (not more tools) that can guarantee that downtime and data loss are not the end result when an attack hits.

Safeguarding Data with Backup and Recovery

Data protection provider Veeam recently published a study analyzing ransomware attacks and their varying success rates. The study found that 76% of all cyberattack victims hit by ransomware ended up paying the ransom in an attempt to recover their data. However, it also revealed that 24% of victims paid to recover their data and never recovered it.

These results highlight a clear gap in data protection: Backup and recovery are often afterthoughts, and those who have paid ransoms to retrieve stolen or lost data will tell you it’s a slow and lengthy process, often resulting in partial or failed recoveries.

Schools cannot risk a 1-in-3 chance of losing all of their staff or students’ personal information when struck by a ransomware attack. Data backup and recovery must be present in their security portfolio to combat this ever-changing threat. By adequately implementing data backup, schools ensure their IT teams have a clean copy of data to recover, when (not if) ransomware gets through.

The Benefits of Object Storage-Based Data Backup

As ransomware attacks continue to rise, targeting both primary data and backups is not out of the question. In our cloud-dominated environment of today, object storage positions itself as a must-have for schools because it provides numerous inherent advantages for protecting data and data backups.

First and foremost, object storage is ransomware-proof, with versioning and object-lock enabled. In instances of object storage solutions with out-of-the-box immutability, data backups cannot be altered or impacted by ransomware. If ransomware cannot infiltrate your data backups, your data cannot be held for ransom.

In addition, some object storage providers offer scalability, a key factor for any organization dealing with large amounts of personal information. Investing in an object storage solution with scalability allows schools to maintain data safety regardless of current data volumes or future data intake.

Furthermore, object storage offers consistent availability in some instances, meaning that data backed up to local object storage repositories can be recovered quickly to ensure continuity in day-to-day school operations.

Add in its general affordability in relation to file or block storage solutions — an integral factor for budget-strapped schools — and object storage becomes the ideal solution for defense against ransomware.

Back-to-school season is not the lone peak ransomware season for schools. Groups like Vice Society will continue their attacks all year long, and schools must be prepared around the clock.

Data is more valuable than ever, and schools (like every other industry) are collecting more data than ever. The cost to recover from a ransomware attack — whether that means paying a ransom or dealing with the aftermath of IT outages and successful data theft — is overwhelming. Not to mention it’s sure to place a financial burden on affected schools.

However, by investing in cost-efficient solutions like object storage, classes can stay in session, and students' personal information can remain where it belongs: safe, secure, and out of the hands of hackers.