Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
A good back-to-school shopping list includes fresh pencils, a shiny new notebook or two, and (checks notes)…cash for a ransom note?
Every college and university that had encrypted its data was able to regain control of it after an attack last year, according to an international survey of IT leaders conducted by Sophos. But these institutions were also more likely to pay a ransom to do so than organizations in other sectors.
The UK-based cybersecurity firm’s annual report, which publishes data on the impacts of ransomware, said 100% of higher-education and 99% of lower-education organizations surveyed restored their encrypted data after bad actors hijacked it. The report is based on responses from 3,000 IT and cybersecurity stakeholders from 14 countries, and included 400 education respondents.
But before we give IT administrators an honorary degree in crisis management, consider that the survey also found colleges and universities more likely than organizations in other industries to pay a ransom: 56% of over-18 institutions coughed up the funds to recover their data, compared to 46% of ransomware victims across all sectors.
These costs add up: The average ransom price tag this year is $1.54 million, almost twice the mean amount from 2022, Sophos said.
Higher ed underperforms when it comes to maintaining data backup systems, according to the survey, which found that less than two-thirds (63%) of colleges and universities used backup systems to restore their data, compared with 70% of organizations across sectors and 73% of lower-ed institutions.
Overall, Sophos found that educational institutions are a prime target for bad actors, and the threat is only growing. The attack rate on schools continued to rise in 2022, and in 2023, it’s more than twice as high as it was in 2021.
“This considerable increase in the attack rate makes clear that adversaries are now able to execute attacks at scale consistently, and ransomware is arguably the biggest cyber risk facing education providers today,” the report said.