While the Sector Reports One of the Highest Rates of Ransom Payments, Doing So Significantly Increased Recovery Costs and Time

OXFORD, U.K. — 七月 26, 2023 —

Sophos, a global leader in innovating and delivering cybersecurity as a service, released a new sectoral survey report, “The State of Ransomware in Education 2023,” which found that education reported the highest rate of ransomware attacks in 2022. Over the past year, 79% of higher educational organizations surveyed reported being hit by ransomware, while 80% of lower educational organizations surveyed were targeted—an increase from 64% and 56% in 2021, respectively.

Additionally, the sector reported one of the highest rates of ransom payment with more than half (56%) of higher educational organizations paying and nearly half (47%) of lower educational organizations paying the ransom. However, paying the ransom significantly increased recovery costs for both higher and lower educational organizations. Recovery costs (excluding any ransoms paid) for higher educational organizations that paid the ransom were $1.31 million when paying the ransom versus $980,000 when using backups. For lower educational organizations, the average recovery costs were $2.18 million when paying the ransom versus $1.37 million when not paying.

Paying the ransom also lengthened recovery times for victims. For higher educational organizations, 79% of those that used backups recovered within a month, while only 63% of those that paid the ransom recovered within the same timeframe. For lower educational organizations, 63% of those that used backups recovered within a month versus just 59% of those that paid the ransom.

“While most schools are not cash-rich, they are very highly visible targets with immediate widespread impact in their communities. The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible without regard for cost. Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals,” said Chester Wisniewski, field CTO, Sophos.

For the education sector, the root causes of ransomware attacks were similar to those across all sectors, but there was a significantly greater number of ransomware attacks involving compromised credentials for both higher and lower educational organizations (37% and 36% respectively versus 29% for the cross-sector average). 

Additional key findings from the report include:

  • Exploits and compromised credentials accounted for more than three-fourths (77%) of ransomware attacks against higher educational organizations; these root causes accounted for more than two-thirds (65%) of attacks against lower educational organizations
  • The rate of encryption stayed about the same for higher educational organizations (74% in 2021 versus 73% in 2022), but increased from 72% to 81% across lower educational organizations during the past year
  • Higher educational organizations reported a lower rate of using backups than the cross-sector average (63% versus 70%). This is the third lowest rate of backup use across all sectors. Lower educational organizations, on the other hand, had a slightly higher rate of using backups than the global average (73%)

“Abuse of stolen credentials is common across sectors for ransomware criminals, but the lack of adoption of multifactor authentication (MFA) technology in the education sector makes them even more at risk of this method of compromise. Like the U.S. federal government’s initiative to mandate all agencies use MFA, it is time for schools of all sizes to employ MFA for faculty, staff and students. It sets a good example and is a simple way to avoid many of these attacks from getting in the door,” said Wisniewski.

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

  • Strengthen defensive shields with:
    • Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
    • Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
    • 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
  • Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
  • Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations

To learn more about the State of Ransomware in Education 2023, download the full report from Sophos.com.

The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees, including 400 from the education sector, across 14 countries in the Americas, EMEA and Asia Pacific. This includes 200 from lower education (up to 18 years) and 200 from higher education (above 18 years) and both public and private sector education providers.

关于 Sophos

Sophos 是全球领先的网络安全公司,凭借其人工智能驱动的平台和专家主导的服务,保护着全球 60 万家组织的安全。Sophos 根据各组织在不同安全成熟度的各式各样的需求提供支持,并与其共同成长,携手应对日益严峻的网络攻击。其解决方案结合机器学习、自动化、实时威胁情报以及来自 Sophos X-Ops 的前线真人专家的专业知识,提供 24/7 全天候高级威胁监控、侦测与响应服务。
Sophos 提供行业领先的托管式侦测与响应 (MDR) 服务,同时配备一整套全面的网络安全技术组合,包括端点、网络、电子邮件和云安全、扩展式侦测与响应 (XDR)、身份辨识威胁侦测与响应 (ITDR),以及下一代 SIEM。结合专家咨询服务,这些能力帮助组织主动降低风险,并更迅速地响应,提供力求在不断变化的威胁面前保持领先所需的可见性和可扩展性。
Sophos 通过全球合作伙伴生态系统进入市场,包括托管式服务提供商 (MSPs)、托管式安全服务提供商 (MSSPs)、经销商、分销商、市场集成商以及网络风险合作伙伴,为组织提供灵活的选择,使其能够在保护业务安全的同时建立值得信赖的合作关系。  Sophos 总部位于英国牛津。如欲了解更多信息,请访问 www.sophos.cn。