13% Of The Higher Education Sector Has Been Infected With Ransomware

Joel Alcon | October 13, 2016 | tag: Vendor Risk Management

Hackers look at ransomware as a quick payday, so they are very opportunistic in terms of their ransomware attack strategy. They cast a wide net, but tend to focus on target industries they think are more likely to click their links.

In a recent BitSight Insights report, data scientists examined the cybersecurity performance of nearly 20,000 companies against the growing threat of ransomware. In doing so, they found that cybersecurity in the education sector may be lacking. In fact, education has the highest rate of ransomware across all industries: three times more than healthcare and ten times more than finance.


There are a number of elements that may be contributing to the education sector’s inflated rate of ransomware infections. Those in the education field naturally have an “information sharing” mentality, which lends itself to a high rate of peer-to-peer file sharing. Universities and higher ed institutions encourage collaboration—but as a result, you often see students and faculty engaging in file-sharing activity on the school’s primary network. While these activities drive advanced thinking, they often also expose the organization to attacks such as ransomware.

Additionally, we live in a day and age when students at all types of institutions—from elementary through higher ed—are encouraged to bring electronic devices into the classroom. While some of these devices are controlled by the school’s IT departments, many are personal devices. This leaves the school’s network vulnerable to cyber attacks like ransomware, as there is far less IT control on what can and cannot happen in and on the network.

Below, we’ve outlined five actions your educational institution can take to limit its exposure to (or mitigate the fallout from) ransomware infections.

Cybersecurity In Higher Education: 5 Practices For Preventing Ransomware Attacks & Fallout

1. Have A Backup Of Your Systems

If your network is compromised through a ransomware attack, you should have a regularly updated backup of your systems to fall back on. This could cause a disturbance, as systems would be offline for a while—but it may help you avoid paying the ransom.

2. Continuously Monitor Your Vendors

As schools choose to work with more partners and third parties, it becomes increasingly important that they continuously monitor the most critical of those vendors. A continuous monitoring system like BitSight Security Ratings can help you to quickly and easily understand the risk each vendor poses to an organization.

3. Establish Email Security Protocols

At any higher education institution, both students and faculty will invariably open emails and attachments. Ultimately, IT teams at these institutions need to take a proactive approach to protecting their network from ransomware. An important step in the process is implementing email security protocols like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF helps to limit an attacker’s ability to successfully spoof a valid “From” address, and DKIM helps to authenticate valid servers and limit the sending of spoofed email messages.
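
As an added example (not from the original post or from BitSight), the Python below audits SPF and DKIM TXT records for settings that weaken the protections described above. The function names, the sample records and the example.edu domain are constructed for illustration; the checks follow RFC 7208 (SPF) and RFC 6376 (DKIM).

```python
# Added example, not from the original post: offline checks of SPF/DKIM TXT records.
import re

# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 caps them at 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt_records):
    """Return findings for the TXT records published at a domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in a permanent error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    findings = []
    lookups = sum(re.split(r"[:=/]", t.lstrip("+-~?"))[0] in LOOKUP_TERMS for t in terms)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if not any(t.startswith("redirect=") for t in terms):
            findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_terms[0] in ("all", "+all"):
        findings.append("'+all' authorizes every host to send for the domain")
    elif all_terms[0] == "?all":
        findings.append("'?all' is neutral: unlisted senders are not failed")
    elif all_terms[0] == "~all":
        findings.append("'~all' is softfail: move to '-all' once senders are inventoried")
    return findings

def audit_dkim(txt_record):
    """Return findings for one DKIM key record (RFC 6376 tag=value list)."""
    parts = (p.partition("=") for p in txt_record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in parts if k.strip()}
    findings = []
    if "p" not in tags:
        findings.append("missing p= tag: record is not a usable key")
    elif not tags["p"]:
        findings.append("empty p= tag: key has been revoked")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: signing domain is in DKIM testing mode")
    return findings

# Constructed sample records; example.edu is a placeholder domain.
SPF_WEAK = ["site-verification=abc123", "v=spf1 include:_spf.example.edu ip4:192.0.2.0/24 ?all"]
SPF_STRICT = ["v=spf1 mx include:_spf.example.edu -all"]
DKIM_REVOKED = "v=DKIM1; k=rsa; t=y; p="
if __name__ == "__main__":
    print(audit_spf(SPF_WEAK), audit_spf(SPF_STRICT), audit_dkim(DKIM_REVOKED), sep="\n")
```

An empty result means none of these particular weaknesses were found; it does not show that receivers enforce the policy.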

4. Review Your Network Connections

Colleges and universities (and other educational institutions) should consider separating their public-facing network from their administrative network. That way, all critical administrative systems won’t be locked up in a ransomware attack on a public network.

5. Ensure IT Teams Stay Informed

The financial sector often performs well against ransomware because it has advanced cybersecurity programs as well as regulations that drive awareness of new cybersecurity threats. This is not always the case for cybersecurity in higher education. Therefore, it’s important for institutional IT teams to keep their ear to the ground about new strains of ransomware as they continue to evolve.

Learn More About Higher Education Cybersecurity & Ransomware  

Ransomware is affecting virtually all industries today. Download the latest BitSight Insights report to learn more about how ransomware infections have evolved over the last year and how businesses can help mitigate the threat of ransomware. 
