Education Sector Suffers Highest Data Encryption Rate and Longest Recovery Time

OXFORD, U.K. — 七月 12, 2022 —

Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, The State of Ransomware in Education 2022. The findings reveal that education institutions – both higher and lower education – are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared to 44% in 2020. Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors (4%).

Additional findings include:

  • Education institutions report the highest propensity to experience operational and commercial impacts from ransomware attacks compared to other sectors; 97% of higher education and 94% of lower education respondents say attacks impacted their ability to operate, while 96% of higher education and 92% of lower education respondents in the private sector further report business and revenue loss
  • Only 2% of education institutions recovered all of their encrypted data after paying a ransom (down from 4% in 2020); schools, on average, were able to recover 62% of encrypted data after paying ransoms (down from 68% in 2020)
  • Higher education institutions in particular report the longest ransomware recovery time; while 40% say it takes at least one month to recover (20% for other sectors), 9% report it takes three to six months

“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold,” said Chester Wisniewski, principal research scientist at Sophos. “Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimized schools with high recovery costs and sometimes even bankruptcy. Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible.”

Interestingly, education institutions report the highest rate of cyber insurance payout on ransomware claims (100% higher education, 99% lower education). However, as a whole, the sector has one of the lowest rates of cyber insurance coverage against ransomware (78% compared to 83% for other sectors).

"Four out of 10 schools say fewer insurance providers are offering them coverage, while nearly half (49%) report that the level of cybersecurity they need to qualify for coverage has gone up,” said Wisniewski. “Cyber insurance providers are becoming more selective when it comes to accepting customers, and education organizations need help to meet these higher standards. With limited budgets, schools should work closely with trusted security professionals to ensure that resources are being allocated toward the right solutions that will deliver the best security outcomes and also help meet insurance standards.”

In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:

  • Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  • Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
  • Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
  • Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
  • Make backups, and practice restoring from them to ensure minimize disruption and recovery time

The State of Ransomware in Education 2022 survey polled 5,600 IT professionals, including 320 lower education respondents and 410 high education respondents, in mid-sized organizations (100-5,000 employees) across 31 countries.

关于 Sophos

Sophos 是全球领先的先进安全解决方案提供商和创新者,全面安全解决方案涵盖托管式侦测与响应 (MDR) 和事件响应服务,以及广泛的端点、网络、电子邮件和云安全技术。作为最大的纯网络安全厂商之一,Sophos 为全球超过 600,000 家企业和超过 1 亿用户提供防御主动攻击对手、勒索软件、网络钓鱼、恶意软件等威胁的保护。Sophos 的服务和产品通过 Sophos Central 管理控制台连接,并得到公司内部的跨领域威胁情报部门 Sophos X-Ops 的支持。Sophos X-Ops 情报优化整个 Sophos Adaptive Cybersecurity Ecosystem 自适应网络安全生态体系,包括一个中央数据湖,为客户、合作伙伴、开发人员和其他网络安全与信息技术供应商提供一组丰富的开放 API。Sophos为需要完全托管的安全解决方案的组织提供网络安全即服务。客户还可以直接利用 Sophos 的安全运行平台管理其网络安全,或者采用混合方法,为内部团队补充 Sophos 服务(包括威胁追踪与修复)。Sophos 通过世界各地的经销商合作伙伴和托管服务供应商 (MSP) 销售。Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.com