Intelligent CISO Issue 79 | Page 21

cyber

TRENDS
The survey reveals that exploited vulnerabilities were the leading root cause of attacks in education , providing cybercriminals with a way into the network for 44 % of lower education and 42 % of higher education ransomware attacks .
Based on this Sophos survey data , schools and other educational organisations could benefit from a layered security approach that includes vulnerability scanning and patching prioritisation guidance to reduce their attack surface , endpoint protection with anti-ransomware capabilities that automatically detect and stop attacks , and 24 / 7 human-led managed detection and response ( MDR ) services to neutralise advanced human-led attacks , ideally leveraging telemetry from backup solutions to detect and stop adversaries before they can cause damage .
“ While there appears to be some positive progress towards combatting ransomware in the education sector , it ’ s concerning that the rate of data encryption continues to increase year after year , which suggests educational organisations need to continue working towards improving their ransomware resilience . With stretched resources and limited budgets , education organisations need to focus on the controls that will have the greatest impact . With the median ransomware recovery cost for education now hitting US $ 3 million , it ’ s clear that investing in strong prevention and protection solutions can considerably reduce the overall financial impact of cyber to educational organisations ,” said Wisniewski .
Sophos ’ report this year incorporates new areas of study : insight into the role of law enforcement in ransomware remediation for education providers . Ninety-nine percent of lower education and 98 % of higher education organisations engaged with law enforcement and / or official government bodies following a ransomware attack . As a result , 64 % of lower education organisations and 66 % of higher education organisations benefitted from advice about dealing with the attack .
Sixty-one percent of lower and higher education organisations received help and support investigating the attack , and nearly 49 % of lower education organisations and 48 % of higher education organisations sought law enforcement ’ s help recovering data encrypted in the attack .
While there appears to be some positive progress towards combatting ransomware in the education sector , it ’ s concerning that the rate of data encryption continues to increase year after year .
Report details
Data for the State of Ransomware in Education 2024 report comes from a vendoragnostic survey of 600 cybersecurity / IT leaders working in the education sector conducted between January and February 2024 . Respondents were based in 14 countries across the Americas , EMEA and Asia Pacific . All respondents represent organisations with between 100 and 5,000 employees .
WWW . INTELLIGENTCISO . COM 21