Ransomware cost UK universities more than £2 million for each attack

Ransomware attacks cost organisations in the UK’s education sector up to £2 million each, according to a recent Jisc analysis. During the pandemic (COVID-19), a number of severe hacks occurred, causing havoc on the education sector.

Jisc is a non-profit organization that provides network and IT services to institutions of higher learning and research. Since 2020, dozens of UK institutions, colleges, and schools have been targeted by ransomware attacks.

According to John Chapmans, director of Janet policy and strategy, Ransomware and malware are currently the most serious threats to the business. Second place goes to phishing and social engineering.

Ransomware cost UK universities more than £2 million for each attack report

This month, Jisc’s original 2020 cyber impact report was updated to include more anonymous case studies of ransomware-affected organisations. One of the reasons universities have become such a popular target for ransomware attacks is because of the pandemic. The rapid shift to remote working for employees and students have exposed organisations to attacks unknowingly.

The significant breakthrough since Jisc’s initial study on cyber impacts has been the steady increase in ransomware attacks. In 2020, 15 more education and learning (FE) and higher education (HE) organisations were affected by ransomware, with another 18 in 2021 and at least three in 2022.

—Chapman, 20 April 2022

Online education has continued even when campuses reopened following COVID lockdowns, which is part of the problem for schools and colleges.

Personal data and information are increasingly being saved on devices located outside of institutions, Chapman added. Protecting that data, wherever it is, has amplified existing security vulnerabilities and resulted in a number of severe security breaches unintentionally.

IT professionals play an important role in security and are the foundation of any ransomware protection approach. Multi-factor authentication should be used by schools and colleges to improve their security.

According to Jisc, the number of institutions that have implemented MFA has increased significantly, but it has not yet been implemented across the board.

Universities should advise students to adopt strong, unique passwords that are difficult to guess and exploit. If the user’s previous account was hacked, it should be changed.

IT experts can help in figuring out the real effect of these settings and work with security teams to develop mitigation strategies. Many IT administrators maintain and monitor settings and configurations, which are frequently targeted by attackers. IT personnel should be included in security teams to defend against ransomware attacks because of the vital choices they make.

Jisc’s computer security and incident response team (CSIRT) spent more than £2 million assisting HE and FE institutions recover from ransomware attacks. These huge amounts may look unbelievable, but as this study demonstrates, a single incident may disrupt an institution in a variety of ways

Has your organisation started to increase cyber security measures yet? Start your two-week free trial today.

Recent posts