As enterprise ransomware continues to accelerate—now striking a business every 40 seconds—it’s also found a new favorite target: educational institutions. A new report from BitSight shows education is now the most targeted industry for ransomware, and headlines back up the stats, with recent attacks on colleges, universities and entire public school districts. One reason hackers are putting schools in their crosshairs: decentralized IT across departments increases the odds of a successful attack.
Decentralized IT—common in higher ed—creates security holes
While collaboration and knowledge-sharing may be top priorities on campus, most departments still operate relatively autonomously—especially when it comes to technology. Operationally, it makes a lot of sense for individual departments to build and support their own IT infrastructure. The astrophysics department has much different technology requirements than the literature department, for example. From a security perspective, however, this lack of standardization and central control increases the likelihood of holes or vulnerabilities. Across a dozen (or dozens of) departments, there’s a good chance at least one has some combination of outdated devices and unpatched OS, inadequate email filtering and AV, faulty data backup or insufficient user training and policy.
Cybercriminals bet on higher-ed IT holes
For cybercriminals playing the odds with exploit kits or phishing scams, the logic is simple: a wider range of IT means a better chance of finding a hole. For comparison, look at how a ransomware attack against a corporation compares to an attack on a university:
See how higher education can prepare for ransomware
Download the Code42 slideshare, “The new threat on campus: Ransomware locks down education,” to see the other common vulnerabilities and learn how to build a ransomware defense and recovery strategy.