Ransomware incidents in the education sector were prevalent in 2024 and garnered considerable attention. A ransomware attack prompted the cancellation of classes at the Freehold Township School District in New Jersey at the start of the year. Meanwhile, students at New Mexico Highlands University missed classes for several days due to a ransomware incident that also disrupted employee paychecks. The cyberattack on the Alabama Department of Education underscored the vulnerability of all educational systems.

Decrease in ransomware attacks affecting education

The year concluded with positive news regarding ransomware in the education domain. According to the Sophos State of Ransomware in Education 2024 report, ransomware attacks on educational institutions dwindled in 2024. Reports of attacks on higher-education institutions decreased from 79% in 2023 to 66% in 2024. Similarly, lower education witnessed a decline from 80% in 2023 to 63% in 2024. Nonetheless, the attack rates for both remain above the global cross-sector average of 59%.

Ransomware’s impact on education quality

A recent study revealed that ransomware incidents in the education sector have repercussions for students. A survey by Action1 found that the majority (64%) of education IT professionals believe that ransomware adversely affects the quality of education. The study identified various factors behind the attacks, including the small share of IT budgets allocated to cybersecurity (only 10%, according to 44% of respondents) and the absence of cybersecurity experts in most schools (78%).

In an article on NPR, Noelle Ellerson Ng from the School Superintendents Association remarked that educational institutions are often easy targets due to insufficient security measures. Ng also emphasized that schools collect significant amounts of data from students and employees and are typically the largest employers in their communities.

Enhancing cyber resilience in the education sector

Despite the declining trend, educational institutions must persist in fortifying their defenses.

Below are a few strategies schools can adopt to mitigate ransomware risks:

  • Deploy antivirus and anti-malware software across all devices. Ensure coverage extends to tablets and smartphones, and promptly update systems with patches.
  • Conduct cybersecurity training for staff and students. Educate them on best practices, such as choosing robust passwords and recognizing phishing attempts. Regularly remind them to refrain from clicking on unfamiliar links or downloading suspicious files.
  • Implement filtering software. When potential threats in links and files are filtered out, students and staff are less likely to fall prey to phishing scams.
  • Utilize multi-factor authentication (MFA). Because ransomware attacks often stem from unauthorized access, educational entities should take additional measures to verify user identities, such as adding email, text, or token authentication alongside passwords.

Escalation in recovery expenses

Although the decrease in attacks offers optimism, a concerning trend highlighted in the Sophos report indicates a substantial surge in the expenses incurred for recovering from ransomware events in the education sector. In 2024, lower-education establishments reported an average recovery cost of $3.76 million, starkly contrasting with the $1.59 million recorded in the previous year. Higher-education entities observed an even greater increase, with recovery costs soaring over fourfold from 2023 to 2024 ($1.06 million to $4.02 million).

Here are strategies to mitigate recovery expenses:

  • Back up your data. Besides real-time data backups, educational institutions should secure their backups rigorously, employing measures like isolated backups and immutable archives that prevent deletion. Sophos noted that lower-education institutions with compromised backups faced fivefold higher costs ($3 million versus $562,500) than those with restorable backups.
  • Segment the network. When networks are partitioned, a ransomware breach may only affect the section that was accessed, reducing the amount of data compromised and the number of systems endangered, and so shortening recovery time and lowering expenses.
  • Develop an incident response strategy. Quick containment and recovery during ransomware incidents are hindered by the absence of a response plan. Furthermore, operational disruptions compound recovery duration. An incident response strategy ensures a swift and structured course of action during ransomware episodes, encompassing crucial phases of planning, detection, recovery, and post-incident initiatives.

Heightened inclination towards ransom payment

The swell in recovery expenses is also tied to changes in ransom payment behaviors and figures. When educational institutions pay ransoms to recover data, they add to their recovery expenditures.

Sophos’ report drew attention to an uptick in ransom payments from both higher and lower education establishments. The percentage of educational bodies that paid ransoms following ransomware incidents increased from 56% in 2023 to 67% in 2024. Similarly, the proportion of higher-education institutions paying ransoms escalated from 47% to 62%.

Moreover, ransom amounts ballooned, further amplifying recovery costs. Lower education faced an average ransom of $3.9 million, with 44% of demands exceeding $5 million. Similarly, higher education witnessed surges in ransom demands, reaching $4.4 million. Due to the urgency of reinstating operations and the sensitivity of data, critical sectors like education encounter higher ransom demands. Also noteworthy is the rising incidence of double extortion, in which cybercriminals demand payment both to decrypt data and to prevent its exposure, further escalating recovery expenses.

Impending ransomware landscape in education

The downturn in ransomware episodes signifies progress, yet educational establishments must monitor the escalating recovery costs. Every dollar directed towards ransomware recovery is a dollar lost to educational purposes, so the financial implications of ransomware incidents in this sector are particularly severe. By proactively addressing vulnerabilities and curbing recovery expenses, educational institutions can keep their primary focus on the essential task of educating students.