In recent years, unrelenting cyber-attacks have bombarded the education sector. As a result of the pandemic, the shift to remote learning environments made organizations within higher education an attractive target. The education sector reported the highest rates of ransomware attacks out of all the industries surveyed in 2023. Numerous academic institutions were hit by data breaches and ransomware attacks this year, and the list grows each day.

Research done by Sophos found that exploited vulnerabilities, followed by compromised credentials, are the leading causes of collegiate ransomware attacks. Together, they account for over three-quarters of ransomware attacks in higher education. Email-based attacks, like phishing, are a less common root cause but still account for about one in five ransomware incidents. As the threat landscape continues to evolve in sophistication, the frequency of attacks is predicted to increase. Ransomware is the biggest culprit; 79% of higher education providers report that they were hit by ransomware in 2023.

 

Why the education sector?

So, what makes the education sector such a prime target? The sensitive nature of data collected by universities, their vast networks, and IT constraints come together to create the perfect prey in the eyes of cybercriminals.

From enrollment to graduation, universities take in a plethora of data about students, alumni, faculty, and staff. Social security numbers, home addresses, health records, and banking information are typical data for universities to house. If this personally identifiable information is left unprotected, hackers can hold it for ransom, use it for identity theft, or sell it on the dark web. One particularly gruesome ransomware attack against Minneapolis Public Schools in March leaked nearly 200,000 individual files revealing extremely sensitive information. Disciplinary and health documents, complaints of misconduct and assault, tax forms, budget and payroll documents, building security layouts, and more were among the leak.

Another feature of academic institutions that makes them profitable to threat actors is their multitude of endpoints. Students and staff require access to university-affiliated applications from multiple devices, including cell phones, tablets, and personal computers. Adversaries can exploit any network endpoint and use it as a point of entry. Within this massive network, many individuals may also lack the cybersecurity knowledge to ensure they are following best privacy practices. This includes taking necessary precautions when doing ordinary things like navigating the internet, connecting to public Wi-Fi networks, or reviewing email sources.

In addition to a myriad of endpoints, many universities have budget limitations that can inhibit the quality and attention dedicated to proper security. Cybersecurity costs range from 3-12% of a university’s IT budget, and in 2021 higher education IT budgets decreased by 5%. Yet, the expansion of threats demands an IT budget that reflects the urgency present in the sector.

 

The fallout of ransomware in higher education

In conjunction with immediate logistical damage, the aftershocks of malware in higher education manifest through hefty repair costs, increased downtime, and tainted reputations. The sector reported one of the highest rates of ransom payment, with more than half of organizations paying the ransom for stolen data. Recovery costs (excluding the ransom) for higher education organizations that paid the ransom were $1.31 million. Other reports indicate the overall cost of these attacks in the education sector to be around $9.45 billion. Overall, it is evident that the education sector pays the price of insufficient security not only in dollars but in time, too. In 2022, schools lost an average of 11.65 days to downtime and spent 42 days recovering from an attack. On top of financial and productivity deficits, a ransomware attack can leave lingering feelings of distrust among those affected, negatively impacting organizations and individuals alike.

The education sector is in dire need of protection against ransomware. Exploited vulnerabilities, compromised credentials, and other attack vectors in higher education have major consequences. Among these consequences are detrimental leaks of private information about students, parents, and staff along with financial, productivity, and reputational damages to institutions. The findings of reports in the education sector emphasize the need for strong cyber hygiene, along with regular backups of critical data. Even further, comprehensive plans for prevention and recovery are crucial to safeguarding our academic institutions. It is apparent that the repercussions of a successful ransomware attack outweigh the efforts involved in implementing security measures, making it imperative to invest in adequate security solutions.