At the beginning of 2018, the FBI and the Department of Education Inspector General revealed that hackers had tried to sell over 100 million private records from almost 100 schools and businesses as of the end of last year. 100 million records seems like a lot, but when you consider that more than 63 percent of organizations experienced an attempted ransomware attack in 2017, with 22 percent reporting these incidents occurred on a weekly basis, it’s easy to see how pervasive and far-reaching the threat of ransomware is.
The education industry is at an additional disadvantage when it comes to protecting against ransomware – it’s an attractive target. Educational institutions have been shown to have three times the rate of ransomware infections found in Healthcare, and 10 times the rate found in Finance. Much like healthcare institutions, data in education contains information that is incredibly sensitive – Social Security numbers, student loan data, personal details such as date of birth – and within the education industry, this data is largely unprotected.
Most K-12 school districts have limited technology budgets and few resources to support cybersecurity investments. To help foster better communication, many of these schools also have fairly open “Bring Your Own Device” (BYOD) policies, which introduce additional avenues for hackers to access data.
Universities and colleges face similar resource constraints, and much like K-12 school districts, have BYOD policies in place. As such, ransomware attacks are more likely to happen and with an attack comes significant compliance and legal ramifications.
Take the University of Central Florida, for example. The school was sued for a data breach that impacted 63,000 individuals, both students and faculty. And it’s not just in the US that this is an issue – in the UK, more than two-thirds of all universities have reported ransomware attacks. In all, one in 10 educational institutions surveyed by BitSight reported some form of ransomware on their networks. This is an issue that is pervasive, destructive and is not going away.
Understand How Ransomware Works
The first step in knowing how to protect against ransomware is understanding how it works. Ransomware can enter a system through a few different entry points, the first being plain old human error, which also happens to be the leading cause of data loss. Clicking through a link via email or downloading unknown attachments are activities that hackers love to exploit to launch ransomware. Another avenue is using BYOD connections, which may not be equipped with the same protection as in-school devices. These not only include cellphones and tablets, but malware can even get in vis USBs that end users may connect to internal systems. Finally, third-party software or file sharing networks can act as ushers for ransomware attacks. Collaboration suites like G Suite and Office 365 fall into this area, where shared files can become vectors for malware proliferation.
G Suite and Office 365 are attractive to educators, not just because they are affordable and create a collaborative learning environment, but they can also help boost student motivation and performance, as these tools can meet the need for more social learning. There are currently 70 million users of G Suite for Education, including 7 of the 8 Ivy League schools and the majority of the top 100 universities in the US.
For all the benefits of these collaboration suites, SaaS applications are not inherently protected from exploitations. Although using G Suite or Office 365 provides institutions with greater agility, collaboration and flexibility and do offer some disaster recovery capabilities, they only protect against their own disasters – not yours. This means that if a colleague accidentally overwrites, destroys or deletes someone else’s work, the SaaS provider is unlikely to recover the information. The same goes for data lost migrating to a new device, malicious data deletion or, of course, data lost due to ransomware.
Recover Your Data: Pay or Revert to a Backup
The second thing to understand about ransomware is that there are only two ways to recover your data: pay the ransom or revert to a backup. While there are a number of companies that claim to be able to crack ransomware, these organizations often just act as middle men, paying the ransom and returning the data as if it was recovered through proprietary software. The only way to recover data without a hefty cost is to restore back to the last known good version of data.
Whatever solution an institution chooses, it should be powerful enough to restore lost data and easy for your staff and students to use, without having to engage the IT department. And it shouldn’t exist in a silo. Organizations need to create recovery plans that not only encompass the chain of command for reaction and action, but also covers the protection of metadata, which contains critical information needed in order to locate specific pieces of restored data.
When data loss occurs – because it inevitably will – be prepared. Understand the benefits and limitations of SaaS solutions, create a data recovery plan and invest in a third-party backup and recovery solution to counteract the pain of ransomware. The joy of learning should never be held hostage, and, with proactive measures, it never will be.
*** This is a Security Bloggers Network syndicated blog from Spanning authored by Brian Rutledge. Read the original post at: https://spanning.com/blog/learning-held-hostage-how-to-prepare-for-and-prevent-data-loss-due-to-ransomware/