Welcome to The CITE -- a blog on Course materials, Innovation, and Technology in Education, created by Mark Nelson and now part of the Publications Department of the National Association of College Stores. CITE is a pun with multiple meanings - referring to cite as in citation, something people reference; site as in location, website, or place people go to; and sight as in foresight or looking ahead to what is coming. Comments, discussion, feedback and ideas are welcome.

Monday, October 3, 2016

Is Ransomware Targeting Education?

Education may or may not be the main target for ransomware schemes, according to difference sources. One study from the security-analyst firm BitSight Technologies found that 13% of educational institutions examined by the company had experienced a ransomware attack in the last year, compared to 5.9% of government agencies or 3.5% of health-care providers.

Ransomware disables data from a system until users pay a ransom for its release. U.S. Department of Justice statistics for 2016 indicate there are nearly 4,000 ransomware attacks every day.

“Establishing email security protocols, monitoring key third-party vendors, tracking security ratings, and avoiding file sharing are all ways to mitigate risks associated with ransomware,” Stephen Boyer, co-founder and chief technology officer of BitSight, said in an article for Campus Technology.

Another report from the security firm Datto painted a much different picture for education. The company surveyed 1,100 managed service providers and placed education ninth on its list of ransomware attacks at 12%, far behind professional services (44%) and health care (38%). The study also found that 46% of ransomware attacks came from email phishing, followed by 36% resulting from lack of employee training.

“Malicious emails, coupled with a general lack of employee cybersecurity training, are the leading cause of a successful ransomware attack,” the authors wrote in Datto’s 2016 Global Ransomware Report. “Today’s businesses must provide regular cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox, a leading entrance point for the malware.”

No comments: