"Education Sector Has Highest Ransomware Victim Count"

According to security researchers at Sophos, the education sector recorded a higher share of ransomware victims than any other in 2022.  During the study, the researchers conducted interviews with 400 IT and cybersecurity leaders globally, split evenly across schools and higher education institutions.  The researchers found that  79% of higher and 80% of “lower” education institutions were compromised by ransomware over the past year, up from 64% and 56% in 2021, respectively.  The researchers noted that exploits and compromised credentials accounted for 77% of ransomware attacks against higher education organizations and 65% of attacks against lower education organizations.  Breaches stemming from compromised credentials (37%/36%) accounted for a much bigger share than the cross-industry average of 29%.  The researchers stated that the lack of adoption of multi-factor authentication (MFA) technology in the education sector makes them even more at risk of this method of compromise.  Interestingly, the researchers noted that the education sector had one of the highest rates of ransom payment, with over half (56%) of higher education victims and 47% of schools paying up.  This may account for why the sector is so frequently targeted by threat actors.  Another possible factor is the fact that higher education institutions are less likely to maintain backups than the cross-sector average (63% versus 70%).

Infosecurity reports: "Education Sector Has Highest Ransomware Victim Count"