- While ransomware attacks on colleges and universities across the globe appear to have increased over the past year, these institutions aren’t as well equipped to handle such incidents as companies in other sectors, suggests a new survey from Sophos, a cybersecurity firm.
- The Sophos survey found that higher education institutions worldwide reported the slowest ransomware attack recovery times across all polled sectors. Two in five higher education institutions took more than a month to recover. In contrast, only one in five institutions across all tracked sectors in the survey — including healthcare, business and construction — reported the same.
- Almost two-thirds of higher education institutions, 64%, said they were hit by ransomware in the past year. Around half of respondents said cyber attacks have increased in volume, complexity and impact.
During a ransomware attack, cybercriminals use malware to encrypt an organization’s files and demand payment to make them accessible again. These attacks can seriously harm a college’s operations and finances.
Take the University of California San Francisco, which in 2020 paid a ransomware group $1.1 million to regain control of its servers. The attack came at a time when the university was already grappling with budget cuts.
The costs UC San Francisco faced are fairly typical, the Sophos survey suggests. On average, higher education institutions spent $1.42 million to recover from ransomware attacks, slightly higher than the average across different sectors.
Smaller colleges can face even more dire consequences. Lincoln College, a predominantly Black college that shuttered earlier this year, said a cyberattack that left its systems inoperable for months contributed to its closure.
Sophos hired a research agency to administer its survey to IT professionals in 31 countries during January and February 2022, and 410 higher education institutions were among the respondents. The poll asked them to answer questions based on their experiences in the past year.
A separate report, from cybersecurity firm SonicWall, found that the education industry was the most likely to be hit by malware in the first half of 2022. An average of about one-fifth of education customers were targeted by malware each month during the period, the group found.
According to the Sophos survey, cybercriminals successfully encrypted higher education institutions’ data in 74% of attacks — the highest successful encryption rate reported across all surveyed sectors.
This suggests that colleges and universities aren’t well-equipped to stave off ransomware attacks and don’t have the layered defenses needed to prevent encryption if a group breaks through their walls, according to the report.
Nearly all higher education institutions, 98%, regained access to at least some of their data after it had been encrypted in a ransomware attack, the survey found. More than two-thirds of colleges, 70%, used backups to retrieve their data, and 50% of them paid the ransom. Those survey responses suggest that educational institutions tend to use multiple methods to restore their data.
However, only 2% of higher education institutions recovered all their data after paying a ransom. On average, colleges regained access to about 61% of their data after paying off a ransomware group.
One way colleges can help prepare for a ransomware attack is to buy cyber insurance that covers such incidents. Around three-fourths of K-12 and higher education institutions say they already have this type of coverage, the Sophos survey found.
But it’s getting more difficult to obtain. Roughly half of higher education institutions with cyber insurance say fewer providers are offering this type of coverage and that the level of cybersecurity needed to qualify for it is increasing. Almost one-third of colleges say it is more expensive than it once was.