Education may or may not be the main target for ransomware schemes, according to difference sources. One study from the security-analyst firm BitSight Technologies found that 13% of educational institutions examined by the company had experienced a ransomware attack in the last year, compared to 5.9% of government agencies or 3.5% of health-care providers.
Ransomware disables data from a system until users pay a ransom for its release. U.S. Department of Justice statistics for 2016 indicate there are nearly 4,000 ransomware attacks every day.
“Establishing email security protocols, monitoring key third-party vendors, tracking security ratings, and avoiding file sharing are all ways to mitigate risks associated with ransomware,” Stephen Boyer, co-founder and chief technology officer of BitSight, said in an article for Campus Technology.
Another report from the security firm Datto painted a much different picture for education. The company surveyed 1,100 managed service providers and placed education ninth on its list of ransomware attacks at 12%, far behind professional services (44%) and health care (38%). The study also found that 46% of ransomware attacks came from email phishing, followed by 36% resulting from lack of employee training.
“Malicious emails, coupled with a general lack of employee cybersecurity training, are the leading cause of a successful ransomware attack,” the authors wrote in Datto’s 2016 Global Ransomware Report. “Today’s businesses must provide regular cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox, a leading entrance point for the malware.”