Ransomware's prime target: Schools and universities

Image from Pixabay

When news broke that a ransomware attack would shut down Lincoln College, many reacted with surprise and shock. The questions on almost everyone’s minds were: How could this happen, how could it have been prevented, and, perhaps most importantly, who might be next?

But looking at the data around cybercrime, Lincoln College isn’t an outlier. It’s part of a much broader, disturbing trend in cybercrime that college administrators and leaders ignore at their own peril.

As the pandemic accelerated shifts in digital transformation and remote learning for schools, cybercriminals adapted to exploit the situation. Now, schools are in their crosshairs, and every unsecured password, new digital device and unprepared employee is a possible vulnerability. In response, every school system needs to educate its staff and invest in the proactive privacy and data protections that will mitigate risk — before they become the next victim.

In hindsight, the ransomware attack that crippled Lincoln College should have come as no surprise. Ransomware attacks have surged in the last two years, nearly doubling in frequency in 2021. And while businesses, both small and large, are some of the most common victims of cybercrime, it’s schools that entice today’s ransomware hackers; according to the FBI, colleges, universities and schools are the most popular target for ransomware attacks.

This surge in ransomware crime is nothing to scoff at. Ransomware is debilitating, and not just because hackers can charge a high price to reclaim captured data; infected systems can take months to recover, and losing access to vital data can disrupt mission-critical operations like admissions, course enrollment or financial management.

In fact, these long-term, debilitating effects of a ransomware hack are a big reason why schools are a prime target for today’s ransomware hackers. Institutions that run time-sensitive operations are far more likely to pay a higher ransom than a small business — if an organization can’t afford to lose data, they’re more willing to negotiate a payout.

But schools aren’t just lucrative targets; they’re easy targets, too. Institutions of higher education are notorious for underfunding their information technology (IT) departments. At some smaller colleges, IT is simply run through the registrar’s office. What’s worse, most colleges, even big ones, don’t have comprehensive security protocols that can cover every department and digital system. Individual departments have individual file systems, and system security varies widely from department to department.

It’s the perfect environment for cybercrime to thrive. A hacker only needs one compromised password or one employee who doesn’t look closely enough at a phishing link in a sketchy email to access important file systems. And once a hacker gets into one system, it’s easy for them to jump to another — 53% of people use the same password for multiple accounts.

Schools are on the back foot, and it’s only a question of when, not if, they will experience a cyberattack.

Luckily, there are some best practices that school administrators can implement to protect themselves. The first and best step would be for schools to educate, train and protect their staff. Most cyberattacks today start with simple social engineering tactics like phishing, and preparing staff to identify and resist these threats is key to bolstering school cyber defenses.

A crucial next step is proactively protecting staff. Data and privacy protection software that helps staff set secure passwords and protect their digital identities can go a long way toward mitigating the most common vulnerabilities and thwarting the most obvious threats.

That’s in the short term. Long-term, there’s almost no such thing as “too protected,” and schools can continue to invest in better cybersecurity protections, IT staff and more.

But the bottom line is that it’s past time for schools to start taking cybersecurity quite seriously. Hackers are ready, willing and able to launch an attack; schools need to be prepared. Lincoln College is not an isolated incident, and the next victim of a ransomware attack could be anyone.

Tom Kelly is president and CEO of IDX. He is a Silicon Valley serial entrepreneur having led both public and private technology companies through all stages of growth. He has led companies through IPOs as well as other successful exits via acquisition. With decades of experience as CEO in enterprise software companies, Tom most recently was CEO at security software company AccelOps and Moxie Software. Tom has a BS from Santa Clara University and operates out of Portland and Silicon Valley.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.