Education Sector Suffers Highest Data Encryption Rate and Longest Recovery Time

OXFORD, U.K. — juillet 12, 2022 —

Sophos, a global leader in next-generation cybersecurity, has published a new sectoral survey report, The State of Ransomware in Education 2022. The findings reveal that education institutions – both higher and lower education – are increasingly being hit with ransomware, with 60% suffering attacks in 2021 compared to 44% in 2020. Education institutions faced the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover – almost double the average time for other sectors (4%).

Additional findings include:

  • Education institutions report the highest propensity to experience operational and commercial impacts from ransomware attacks compared to other sectors; 97% of higher education and 94% of lower education respondents say attacks impacted their ability to operate, while 96% of higher education and 92% of lower education respondents in the private sector further report business and revenue loss
  • Only 2% of education institutions recovered all of their encrypted data after paying a ransom (down from 4% in 2020); schools, on average, were able to recover 62% of encrypted data after paying ransoms (down from 68% in 2020)
  • Higher education institutions in particular report the longest ransomware recovery time; while 40% say it takes at least one month to recover (20% for other sectors), 9% report it takes three to six months

“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold,” said Chester Wisniewski, principal research scientist at Sophos. “Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimized schools with high recovery costs and sometimes even bankruptcy. Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible.”

Interestingly, education institutions report the highest rate of cyber insurance payout on ransomware claims (100% higher education, 99% lower education). However, as a whole, the sector has one of the lowest rates of cyber insurance coverage against ransomware (78% compared to 83% for other sectors).

"Four out of 10 schools say fewer insurance providers are offering them coverage, while nearly half (49%) report that the level of cybersecurity they need to qualify for coverage has gone up,” said Wisniewski. “Cyber insurance providers are becoming more selective when it comes to accepting customers, and education organizations need help to meet these higher standards. With limited budgets, schools should work closely with trusted security professionals to ensure that resources are being allocated toward the right solutions that will deliver the best security outcomes and also help meet insurance standards.”

In the light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:

  • Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  • Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
  • Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
  • Prepare for the worst, and have an updated plan in place of a worst-case incident scenario
  • Make backups, and practice restoring from them to ensure minimize disruption and recovery time

The State of Ransomware in Education 2022 survey polled 5,600 IT professionals, including 320 lower education respondents and 410 high education respondents, in mid-sized organizations (100-5,000 employees) across 31 countries.

À propos de Sophos

Sophos est un leader mondial de la cybersécurité qui protège 600000organisations à travers le monde grâce à une plateforme optimisée par l’IA et à des services fournis par des experts. Sophos accompagne les entreprises, quel que soit leur niveau de maturité en matière de cybersécurité, et évolue avec elles pour déjouer les cyberattaques. Ses solutions offrent une combinaison optimale entre apprentissage automatique, automatisation et renseignements sur les menaces en temps réel, à laquelle s’ajoute l’expertise humaine de l’équipe Sophos X-Ops, qui travaille en première ligne pour assurer la surveillance, la détection et la réponse aux menaces 24h/24 et 7j/7.
Sophos propose des services managés de détection et de réponse (MDR) de pointe, ainsi qu’un portefeuille complet de technologies de cybersécurité, parmi lesquelles des solutions de sécurité Endpoint, réseau, email et cloud, ainsi que des solutions de détection et de réponse étendues (XDR), de détection et de réponse aux menaces liées à l’identité (ITDR) et de SIEM de nouvelle génération. Associées à des services de conseil spécialisés, ces capacités aident les entreprises à réduire leurs risques de manière proactive et à répondre plus rapidement, tout en bénéficiant de la visibilité et de l’évolutivité nécessaires pour garder une longueur d’avance sur les menaces en constante évolution.
Sophos commercialise ses produits via un écosystème mondial de partenaires, comprenant des fournisseurs de services managés (MSP), des fournisseurs de services de sécurité managés (MSSP), des revendeurs et distributeurs, une marketplace d’intégrations et des partenaires spécialisés dans les cyber risques. Cette stratégie offre aux entreprises la flexibilité nécessaire pour choisir des partenaires de confiance pour protéger leurs opérations.  Le siège de l’entreprise est basé à Oxford, au Royaume-Uni. Plus d’informations sont disponibles sur www.sophos.fr.