Education may or may not be the main target for
ransomware schemes, according to difference sources. One study from the
security-analyst firm BitSight Technologies found that 13% of educational institutions examined by the company had experienced
a ransomware attack in the last year, compared to 5.9% of government agencies
or 3.5% of health-care providers.
Ransomware disables data from a system until users pay
a ransom for its release. U.S. Department of Justice statistics for 2016 indicate
there are nearly 4,000 ransomware attacks every day.
“Establishing email security protocols, monitoring key
third-party vendors, tracking security ratings, and avoiding file sharing are
all ways to mitigate risks associated with ransomware,” Stephen Boyer,
co-founder and chief technology officer of BitSight, said in an article for Campus Technology.
Another report from the security firm Datto painted a
much different picture for education. The company surveyed 1,100 managed
service providers and placed education ninth on its list of ransomware attacks
at 12%, far behind professional services (44%) and health care (38%). The study
also found that 46% of ransomware attacks came from email phishing, followed by
36% resulting from lack of employee training.
“Malicious
emails, coupled with a general lack of employee cybersecurity training, are the
leading cause of a successful ransomware attack,” the authors wrote in Datto’s 2016 Global Ransomware Report.
“Today’s businesses must provide regular cybersecurity training to ensure all
employees are able to spot and avoid a potential phishing scam in their inbox,
a leading entrance point for the malware.”