Education Sector Now Most Targeted with Ransomware

Education has surpassed healthcare as the sector most targeted by ransomware, a variety of malware that makes data inaccessible to users until a ransom is paid.

According to U.S. Department of Justice statistics, some 4,000 ransomware attacks occur every day in the United States this year alone. According to a new report from security analyst BitSight, the number of attacks against educational organizations now dwarfs attacks in all other sectors.

According to the BitSight Insights report ("The Rising Face of Cyber Crime: Ransomware"), a full 13 percent of education institutions examined by the company had experienced ransomware attacks on their networks in the last year. That compares with government at 5.9 percent and healthcare at 3.5 percent. Energy/utilities and retail rounded out the top 5 at 3.4 percent and 3.2 percent, respectively. The finance sector came in a distant sixth at 1.5 percent.

"While several ransomware attacks on healthcare companies have made headlines this year, the issue is more widespread. Our analysis shows that the Education sector is actually the most impacted group, followed by Government. Establishing email security protocols, monitoring key third-party vendors, tracking security ratings and avoiding file sharing are all ways to mitigate risks associated with ransomware," said Stephen Boyer, co-founder and CTO of BitSight, in a statement released to coincide with the report.

The report indicated that ransomware increased across all sectors in 2016.

A separate report released this month, "The 2016 Global Ransomware Report," security firm Datto surveyed 1,100 managed service providers to get their take on ransomware. MSPs placed education much lower on the threat scale (in ninth place, with 12 percent of MSPs seeing education institutions affected compared with No. 1 professional services at 44 percent and No. 2 healthcare at 38 percent).

Datto's report found that the most effective protection against ransomware is backup and disaster recovery, followed by employee training. Many ransomware attacks occur through e-mail phishing, the report noted, and keeping employees uninformed about phishing attacks is "a bad combo." The report indicated that 46 percent of MSPs saw e-mail phishing attacks as the leading cause of ransomware attacks; lack of employee training, at 36 percent, came in second. Malicious websites and Web-based ads were also cited by 12 percent of MSPs.

According tot he Datto report: "Malicious emails coupled with a general lack of employee cybersecurity training is the leading cause of a successful ransomware attack. Today's businesses must provide regular cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox, a leading entrance point for the malware."

The least effective defenses against ransomware cited in the Datto report were virus/malware protection and e-mail spam filters.

It's also worth noting that cloud services are not immune from ransomware, according to Datto's report. Seventy percent of respondents said their clients have been infected via Dropbox, 29 percent via Office 365, 12 percent via Google Apps, 6 percent via box and 3 percent via Salesforce.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • interlocking blue and orange blocks merge at the center against a beige background decorated with subtle technology and education-themed icons

    Cambium Learning Group to Combine ExploreLearning and Learning A-Z Brands

    Ed tech company Cambium Learning Group has announced plans to combine its ExploreLearning and Learning A-Z brands, with a new name and brand identity to be introduced in early 2026.

  • Digital clouds with data points and network connections

    Microsoft's Windows 365 Cloud Apps Available in Public Preview

    Microsoft has announced that its Windows 365 Cloud Apps are now available in public preview. This allows IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • magnifying glass highlighting a human profile silhouette, set over a collage of framed icons including landscapes, charts, and education symbols

    New AI Detector Identifies AI-Generated Multimedia Content

    Amazon Web Services and DeepBrain AI have launched AI Detector, an enterprise-grade solution designed to identify and manage AI-generated content across multiple media types. The collaboration targets organizations in government, finance, media, law, and education sectors that need to validate content authenticity at scale.