The education sector is one of the hardest hit by ransomware attacks globally endangering learners' data.
A global report on the state of ransomware in education 2022 by Sophos, shows an increasing number of cyberattacks are targeting public, private, international schools, colleges and universities with 60 per cent suffering attacks in 2021 compared to 44 per cent in 2020.
This has been attributed to lack of strong cybersecurity defences and the goldmine of personal data translating to high amounts of money paid to the criminals to restore the data.
Covid led to increased cybercrime as many people accessed services online with schools turning to virtual training on lockdown restrictions.
In terms of the overall cost to restore services, both lower and higher education schools pay Sh187.2 million and Sh168.3 million respectively, than the global average of Sh165.9 million ($1.4 million).
“Educational institutions are also caretakers of vast amounts of personally identifiable information (PII) that can be monetised by criminals. These factors provide enough incentive for criminals to take advantage of this sector,” said Chester Wisniewski, principal research scientist at Sophos.
“Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimised schools with high recovery costs and sometimes even bankruptcy.”
