How Does K-12, Higher Education Fare In A Ransomware Attack?

Ransomware is a high concern for universities, colleges and K-12 schools and districts. But, globally, education may face a somewhat more promising picture than other sectors, according to a recent Sophos report that surveyed 31 countries. Respondents included 5,600 IT professionals, of which 730 were from education organizations.

Worldwide, 64 percent of organizations in higher education and 56 percent in lower education suffered ransomware attacks in 2021 — less than the 66 percent global average, Sophos found. Schools also were less likely to see an increase in threats: 57 percent of organizations across sectors said 2021 brought a greater volume of cyber attacks, while just 53 percent of higher ed and 47 percent of lower ed said the same.

Lack of consistent reporting requirements prevents a precise picture of trends in the U.S., said Amy McLaughlin, cybersecurity subject matter expert for the Consortium of School Networking (CoSN), a K-12 professional association and advocacy group. Still, “a good number” of K-12 school districts she’s worked with have experienced at least a small-level ransomware incident.

“And even if a district hasn’t actually experienced a bigger ransomware event, they all know somebody who has,” McLaughlin told Government Technology*.

In higher ed, ransomware tends to be opportunistic and financially motivated, said Kim Milford, executive director of the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), which serves higher education and research institutions.

Since January 2022, REN-ISAC saw more than 20 ransomware attacks against U.S. higher education that were significant enough to make the news, and many more likely went unannounced, Milford told GovTech. Notable ransomware groups conducted several of these: BlackCat (reportedly behind attacks on Florida International University and the University of North Carolina A&T), LockBit (allegedly also responsible for attacking Italy’s tax agency and a Canadian town) and Vice Society (which allegedly struck Austria’s Medical University of Innsbruck in June).

Elusive Cyber Staff

Limited funds…