80% of education providers hit with ransomware last year, Biden administration responds
September 2023 by Atlas VPN
As the 2023 academic year kicks off, schools across the globe are facing an escalating cybersecurity crisis, the Atlas VPN team reports. Data shows the education sector is the most targeted industry by cybercriminals, primarily motivated by the high percentage of schools choosing to pay the ransom.
A recent Sophos survey of 3,000 IT and cybersecurity leaders across 14 countries, including 400 from the education sector, conducted in January-March 2023, reveals that 80% of lower education providers and 79% of higher education institutions reported ransomware attacks in the last year.
Construction (71%), the federal government (70%), and media & entertainment (70%) are also within the top five most targeted industries by ransomware attacks, but at a notably lower rate than educational establishments.
The vulnerability landscape
The survey identifies compromised credentials and exploited vulnerabilities as the top root causes of ransomware attacks in education.
In lower education, 36% of attacks originated from compromised credentials, while in higher education, 40% were due to exploited vulnerabilities.
These figures indicate a need for robust cybersecurity measures and employee training in educational institutions.
Financial and operational costs
While the immediate financial cost of a ransomware attack is evident, the recovery from the attack also includes the cost of system downtime, loss of productivity, and reputational damage.
The mean cost to recover from ransomware attacks across all sectors is estimated at $1.82 million, an increase from the $1.4 million in 2022.
In lower education, the recovery costs have remained steady at around $1.59 million in 2023 and 2022.
Recovery costs in higher education have decreased significantly from the $1.42 million reported last year to just over $1 million in 2023.
Meanwhile, On August 7, 2023, the Biden-Harris Administration released a statement outlining new efforts to strengthen America’s K-12 schools’ cybersecurity.
The new initiatives aim to provide up to $200 million over three years to bolster cyber defenses in K-12 schools.
A Government Coordinating Council will also be established to facilitate communication between federal, state, local, tribal, and territorial education leaders to enhance US schools’ cyber defenses and resilience.