New Ransomware Report: Education Is Targeted The Most
According to a new report by security ratings provider BitSight, the top six industries attacked by ransomware are education, government, healthcare, finance, retail and energy (utilities). The cybersecurity firm analyzed over 20,000 companies in the mentioned sectors.
The most attacked industry is education where 13 percent of the organizations were attacked following by government agencies with 6 percent and healthcare with 3.5 percent. The financial sector was the lowest risk one with only 1.5 percent of the firms affected by ransomware attacks.
“Ransomware is a legitimate threat, with estimates from the U.S. Justice Department showing that over 4,000 of these attacks have occurred every day since the beginning of 2016,” Stephen Boyer co-founder and CTO of BitSight said in a press release. “While several ransomware attacks on healthcare companies have made headlines this year, the issue is more widespread.”
The report says ransomware attacks have excessively increased, it doubled or tripled in some cases. The reason for the rise is that an immense number of the software is available for cybercriminals, including the Nymaim Trojan and Locky.
From July 2015 to July 2016, the average security rating of the education industry fell by about 15 percent. The report also mentioned that the other sectors remained relatively steady.
“This finding is not surprising,” Engin Kirda professor of computer science at Northeastern University said. “The reason being that these are the organizations that typically have low budgets for deploying state-of-the-art security solutions.”
According to the BitSight report, K-12 schools mostly have smaller IT teams and budgets. This is a serious problem at universities with high file-sharing activities. The cybersecurity firm released a report earlier this year, which shows that 58 percent of academic institutions allow file-sharing within their network.
Schools hold plenty of information that could be worthwhile for cybercriminals, this includes social security numbers, medical records, financial information, and research info, according to the report. To avoid HIPAA (Health Insurance Portability and Accountability Act) concerns and other regulatory violations, institutions are most likely to pay the ransom to the criminals.
In June, the University of Calgary paid a $20,000 ransom to the hackers after an attack encrypted their email system.
“The expertise of our IT department allowed the university to isolate the effects of the attack and make significant progress towards the restoration of the affected portions of our systems,” Linda Dalgetty, the university’s vice-president of finance and services said in a press release. “There was no indication that any personal or other university data was released to the public.”
A 2014 study by Educause says that 551 data breaches occurred at US universities. Symantec’s 2016 Internet Security Threat Report ranked education third overall among the top 10 most-breached sectors, after the health and business industry. The report added that five million identities in the education sector were exposed due to these attacks.
BitSight offers these tips for protecting against ransomware:
“Establish email security protocols, including educating employees about phishing attacks and ways to stay safe on company networks.
Identify commonly used vendors and monitor them for malware.
Continuously check security systems and networks to determine possible areas of weakness or signs of infection.
Avoid peer-to-peer file sharing on your network, and inform employees of this policy.”