13% Of The Higher Education Sector Has Been Infected With Ransomware

Joel Alcon | October 13, 2016

Hackers look at ransomware as a quick payday, so they are very opportunistic in terms of their ransomware attack strategy. They cast a wide net, but tend to focus on target industries they think are more likely to click their links.

In a recent BitSight Insights report, data scientists examined the cybersecurity performance of nearly 20,000 companies against the growing threat of ransomware. In doing so, they found that cybersecurity in the education sector may be lacking. In fact, education has the highest rate of ransomware across all industries: three times more than healthcare and ten times more than finance.

There are a number of elements that may be contributing to the education sector’s inflated rate of ransomware infections. Those in the education field naturally have an “information sharing” mentality, which lends itself to a high rate of peer-to-peer file sharing. Universities and higher ed institutions encourage collaboration—but as a result, you often see students and faculty engaging in file-sharing activity on the school’s primary network. While these activities drive advanced thinking, they often also expose the organization to attacks such as ransomware.

Additionally, we live in a day and age when students at all types of institutions—from elementary through higher ed—are encouraged to bring electronic devices into the classroom. While some of these devices are controlled by the school’s IT departments, many are personal devices. This leaves the school’s network vulnerable to cyber attacks like ransomware, as there is far less IT control on what can and cannot happen in and on the network.

Below, we’ve outlined five actions your educational institution can take to limit its exposure to (or mitigate the fallout from) ransomware infections.

Cybersecurity In Higher Education: 5 Practices For Preventing Ransomware Attacks & Fallout

1. Have A Backup Of Your Systems

If your network is compromised through a ransomware attack, you should have a regularly updated backup of your systems to fall back on. This could cause a disturbance, as systems would be offline for a while—but it may help you avoid paying the ransom.

2. Continuously Monitor Your Vendors

As schools choose to work with more partners and third parties, it becomes increasingly important that they continuously monitor the most critical of those vendors. A continuous monitoring system like BitSight Security Ratings can help you to quickly and easily understand the risk each vendor poses to an organization.

3. Establish Email Security Protocols

At any higher education institution, both students and faculty will invariably open emails and attachments. Ultimately, IT teams at these institutions need to take a proactive approach to protecting their network from ransomware. An important step in the process is implementing email security protocols like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF helps to limit an attacker’s ability to successfully spoof a valid “From” address, and DKIM helps to authenticate valid servers and limit the sending of spoofed email messages.
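As an added illustration (not code from BitSight or the report), the sketch below audits SPF and DKIM TXT records that an IT team has already retrieved from DNS and flags settings that weaken them. The function names, the `example.edu` domain and the sample records are constructed for this example, and the DKIM key value is a placeholder.

```python
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS lookup

def audit_spf(txt):
    """Return findings for one SPF TXT record; an empty list means none."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record: must begin with v=spf1"]
    findings, lookups, all_q, redirect = [], 0, None, False
    for term in terms[1:]:
        bare = term.lstrip("+-~?")
        name = re.split(r"[:/=]", bare)[0]
        lookups += name in LOOKUP_TERMS
        redirect = redirect or name == "redirect"
        if bare == "all":
            all_q = term[0] if term[0] in "+-~?" else "+"  # no qualifier means "+"
    if all_q is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_q == "+":
        findings.append("+all: every host on the internet is authorised")
    elif all_q == "?":
        findings.append("?all: unlisted senders get a neutral result")
    elif all_q == "~":
        findings.append("~all: unlisted senders only soft-fail")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: over the RFC 7208 limit of 10")
    return findings

def audit_dkim(txt):
    """Return findings for one DKIM key record (selector._domainkey TXT)."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    tags = {k.strip(): v.strip() for k, v in pairs}
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("unexpected version tag")
    if "p" not in tags:
        findings.append("no p= tag: record carries no public key")
    elif tags["p"] == "":
        findings.append("empty p=: key has been revoked")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode, verifiers treat mail as unsigned")
    return findings

if __name__ == "__main__":
    # Constructed sample records; 192.0.2.0/24 is a documentation address range.
    for rec in ("v=spf1 ip4:192.0.2.0/24 include:_spf.example.edu -all",
                "v=spf1 include:_spf.example.edu +all", "v=spf1 mx a"):
        print(rec, "->", audit_spf(rec) or "ok")
    for rec in ("v=DKIM1; k=rsa; p=PLACEHOLDERKEY", "v=DKIM1; k=rsa; t=y; p="):
        print(rec, "->", audit_dkim(rec) or "ok")
```
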

4. Review Your Network Connections

Colleges and universities (and other educational institutions) should consider separating their public-facing network from their administrative network. That way, all critical administrative systems won’t be locked up in a ransomware attack on a public network.

5. Ensure IT Teams Stay Informed

The financial sector often performs well against ransomware because it has advanced cybersecurity programs as well as regulations that drive awareness of new cybersecurity threats. This is not always the case for cybersecurity in higher education. Therefore, it’s important for institutional IT teams to keep their ear to the ground about new strains of ransomware as they continue to evolve.

Learn More About Higher Education Cybersecurity & Ransomware  

Ransomware is affecting virtually all industries today. Download the latest BitSight Insights report to learn more about how ransomware infections have evolved over the last year and how businesses can help mitigate the threat of ransomware. 
