Schools and universities are facing an unprecedented level of ransomware attacks as incidents continue to severely impact the education sector. The warning comes from Jisc, a not-for-profit organisation that provides network and IT services to higher education and research institutions. Jisc’s ‘Cyber Impact 2022’ report suggests there’s an increased threat of ransomware attacks against education. 

ZDNet Recommends

According to the report, dozens of UK universities, colleges and schools have been hit with ransomware attacks since 2020, causing disruptions for staff and students, and costing institutions substantial amounts of money. In some incidents, Jisc says impact costs have exceeded £2 million. SEE: Cybersecurity: Let’s get tactical (ZDNet special report)And the attacks keep coming, as the report details how two universities and a further education and skills (FES) provider were hit by separate ransomware attacks during March 2022.The institutions aren’t specified, but the report says each incident caused a significant impact as systems were taken down to prevent further spread of malware, and to safely recover and restore data. In one case, a third party was called in to help the organisation fully recover from the incident.  According to Jisc, higher education views ransomware and malware as the top cybersecurity threat, followed by phishing and social engineering. The report suggests that one of the reasons universities have become such a common target for ransomware attacks is because of the pandemic-induced sudden shift to remote working for staff and students that inadvertently left institutions open to attack. For example, the switch to remote education led to a big rise in the use of remote desktop protocol, which can provide ransomware attackers with a route into networks.  Cyber criminals can send out phishing emails to steal usernames and passwords, which they can use to enter networks via legitimate user accounts. It’s also possible for cyber criminals to use brute-force attacks to break into accounts that use common or previously breached passwords. “This underlines the importance of basic security controls being in place, such as protections against brute-force attacks,” says the report. While the threat posed by ransomware and other cyberattacks to higher education is well known, some institutions are struggling, particularly when IT and information security teams are hamstrung by a lack of resources. “We are doing our best, but all areas of IT support seem to be growing and requiring more attention and it’s one part of a larger role (where its importance should be far greater). The pandemic has only stretched us further,” an undisclosed FES provider told Jisc. SEE: These are the problems that cause headaches for bug bounty huntersOne of the steps that organisations can take to protect accounts from being hacked and exploited to help launch a ransomware attack is to provide all users with multi-factor authentication (MFA). According to Jisc, there has been a sharp rise in the number of institutions that have MFA in place, although it hasn’t yet been rolled out across the board yet.It’s also recommended that universities encourage the use of strong, unique passwords, which makes them harder to guess and for cyber criminals to breach accounts, even if another account by the user has previously been stolen. In addition, it’s highly recommended that security patches are rolled out as soon as possible, so that devices, operating systems and software aren’t left exposed to known security vulnerabilities. MORE ON CYBERSECURITY More

Children across the country will have the opportunity to crack codes, fix security flaws and examine the trails left behind by cyber criminals as part of a new learning experience they can take part in from home. The initiative from the Department for Culture Media and Sport (DCMS), the National Cyber Security Centre (NCSC), the […] More

PM Images/Getty Images In 2021 and 2023, Cash App suffered two different data breaches — one in which a former employee downloaded user transaction reports, and another in which an unauthorized person accessed user account data. A new class action lawsuit alleges that Cash App was negligent in handling these breaches and didn’t properly address […] More

Ron Jenkins, Getty Images An activist group has published on Friday 296 GB of data they claim have been stolen from US law enforcement agencies and fusion centers. The files, dubbed BlueLeaks, have been published by Distributed Denial of Secrets (DDoSecrets), a group that describes itself as a “transparency collective.” The data has been made […] More

Believing they will not encounter cybersecurity incidents, small and midsize businesses (SMBs) do not see a need for cyber insurance. Among 39% of SMBs in Singapore that are not considering or remain undecided about getting protection against cyber risks, half say it is because they are unlikely to experience cybersecurity or cybercrime issues. Another 54% say they do not store sensitive or personal data online and, hence, do not see a need for cyber insurance. These findings were from a study commissioned by insurer QBE Insurance Group in Singapore and conducted by Creative Way Consultants, which polled 416 decision-makers from local SMBs. The annual survey was carried out last quarter. Amid the apparent lack of enthusiasm for cyber insurance, though, 97% said they were aware of potential cyber risks to their business. Some 21% expressed concerns about data protection and security, with 38% admitting to being affected by cyber incidents last year, up from 26% in 2021. About 9% of respondents said they operated without any process or insurance against cyber risks, the study found. Digital transformation, though, remained of great interest, with 66% of SMBs embarking on digitalisation efforts over the past year. Another 34% said they would continue to invest in digital technologies to reach more customers, while 32% would do so to grow their business and 32% would digitalise for higher productivity. With their smaller pockets, it should come as no surprise that 29% of SMBs cited high cost of investment as a barrier in their digitalisation efforts. Some 27% pointed to a lack of financing, while 24% pointed to a lack of digital skills as a barrier. A further 23% saw potential business disruptions as a barrier, while 21% highlighted complexities in digital technologies. Another 21% saw the need to ensure data protection and security as a barrier to digital transformation. SMBs are hot targets of cybercrimes in Singapore, where these businesses account for the bulk of victims impacted by ransomware attacks. In particular, SMBs from sectors such as manufacturing and IT accounted for the bulk of reported ransomware cases in 2021. According to a study last year by Coleman Parkes, Singapore enterprises had to deal with 54 cybersecurity incidents on average each day, with 39% managing 50 to 200 such incidents a day. Some 62% said they were struggling to keep up with the evolving threat landscape. A report from Trend Micro last week estimated that Asia-Pacific experienced the most ransomware attacks last year, with 38.06% of such attacks targeted at the region. Some 18.9% of ransomware victims in Asia-Pacific chose to pay up, compared to the global average of 10% and 11.1% in Europe, which had the lowest ransomware payment rate. Of 14 billion threats it blocked in Asia last year, Trend Micro said more than 1 billion were in Singapore alone. Mobile security issues ranked the highest in Asia. RELATED COVERAGE More