Education Impacted by Ransomware More Than Any Other Sector

In its new State of Ransomware 2023 report, data security provider Sophos found that the education sector had been impacted by ransomware significantly more than any other sector.

The report was based on survey data from more than 3,000 IT and data security professionals across sectors. Overall, last year, 66% of organizations reported that they had been the victims of a ransomware attack. In PreK–12, that figure was 80%. Higher education followed closely behind, at 79%.

The report also found that:

  • Data was successfully encrypted by attackers in 76% of cases, the highest success rate in four years;

  • Data was also stolen in 30% of cases where it was successfully encrypted ("double-dipping");

  • Vulnerability exploits were the most common vector, accounting for 36% of attacks;

  • Compromised credentials were the second-most common vector for ransomware, at 29%;

  • Across all sectors, the rate of ransomware attacks (66%) did not change year over year.

"Sophos' latest report is a clarion reminder that ransomware remains a major threat, both in scope and scale," said Megan Stifel, executive director of the Ransomware Task Force and chief strategy officer, Institute for Security and Technology, in a statement released to coincide with the report. "This is particularly true for ‘target-rich, resource-poor’ organizations that don’t necessarily have their own in-house resources for ransomware prevention, response and recovery."

The report noted that the average cost of data recovery for organizations that did not pay the demanded ransom was $375,000. The cost for organizations that paid the ransom was double that amount, $750,000.

"Incident costs rise significantly when ransoms are paid," said Chester Wisniewski, field CTO, Sophos, in a prepared statement. "Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation."

The complete report, with breakdowns by sector, can be accessed here.

About the Author

David Nagel is the former editorial director of 1105 Media's Education Group and editor-in-chief of THE Journal, STEAM Universe, and Spaces4Learning. A 30-year publishing veteran, Nagel has led or contributed to dozens of technology, art, marketing, media, and business publications.

He can be reached at [email protected]. You can also connect with him on LinkedIn at https://www.linkedin.com/in/davidrnagel/ .


Featured

  • Stylized illustration of an AI microchip connected to a laptop, server rack, and monitor with a chart

    HPE and Nvidia Expand AI Infrastructure Partnership

    Hewlett Packard Enterprise and Nvidia have announced an expanded partnership to accelerate enterprise artificial intelligence adoption through new modular infrastructure and turnkey AI platform offerings.

  • shield with an AI microchip emblem hovering above stacks of gold coins

    Report: AI Security Spend Surges While Traditional Security Budgets Shrink

    A new report from global cybersecurity company Thales reveals that while enterprises are pouring resources into AI-specific protections, only 8% are encrypting the majority of their sensitive cloud data — leaving critical assets exposed even as AI-driven threats escalate and traditional security budgets shrink.

  • digital learning resources including a document, video tutorial, quiz checklist, pie chart, and AI cloud icon

    Quizizz Rebrands as Wayground, Announces New AI Features

    Learning platform Quizizz has become Wayground, in a rebranding meant to reflect "the platform's evolution from a quiz tool into a more versatile supplemental learning platform that's supported by AI," according to a news announcement.

  • teen studying with smartphone and laptop

    OpenAI Developing Teen Version of ChatGPT with Parental Controls

    OpenAI has announced it is developing a separate version of ChatGPT for teenagers and will use an age-prediction system to steer users under 18 away from the standard product, as U.S. lawmakers and regulators intensify scrutiny of chatbot risks to minors.