Author: Bharani, ManageEngine
Ransomware’s new favourite victim is educational institutions. Ransomware attacks, which exploit targets using malicious software code, have increased tremendously over the past few years. In addition to targeting business sectors, cybercriminals are now attacking the security posture of the education sector.
Educational institutions are easy prey for ransomware attackers as they lack the fundamental elements of a secure network. According to findings from a 2022 global survey, ransomware groups attacking educational institutions have encrypted around 73% of their data. Only a limited number of educational institutions recovered all their data after paying the ransom, while most were able to recover only 62% of their data.
Devastating ransomware attacks disrupt the functionality of educational institutions.
- The most recent attack was orchestrated by the Vice Society ransomware operation, targeting the Cincinnati State Technical and Community College. The threat actors leaked confidential documents online, and indications are that the ransom was never paid, as reported by Bleeping Computer. The college has found it difficult to cope with the effects of the cyberattack. This ransomware group mainly targets educational institutions it identifies as weaker in security aspects.
- One of the major headlines in 2022 was the ransomware attack on Chicago Public Schools that exposed the data of 500,000 students. Two ransomware groups are suspected in this breach.
- In December 2021, Lincoln College decided to shut down after serving students and its community for 157 years. Lincoln College was struggling to overcome the effects of COVID-19 when it was struck by something worse, a ransomware attack.
With newer ransomware strains being released every day, IT admins must focus on tightening the security posture of their school’s network. Most educational institutions cannot afford to dedicate a team exclusively to improving their security.
According to a report by the Multi-State Information Sharing and Analysis Center, the average school spends less than 8% of its IT budget on cybersecurity, with one in five schools spending less than 1%. Cyberattackers find it easy to penetrate school networks because their security is weak compared to other industries.
The attackers penetrate networks through entry points such as stolen credentials, phishing campaigns, and more. To protect your organisation from ransomware attacks, ensure that all the common entry points are secured.
10 security practices that should be followed in every educational institution.
- Deploy security configurations to prevent brute-force attacks. For example, deploy stronger password policies and use two-factor authentication to keep your endpoints secured.
- Eliminate software and firmware vulnerabilities by staying up to date with released patches. Vulnerabilities, if exploited, can result in a major cyberattack, so ensure they are prioritised and remediated immediately.
- Audit and monitor all activities in your network and identify suspicious incidents. This can be achieved by actively auditing your ports, firewall, BitLocker, and more.
- Uninstall outdated and high-risk software once identified on your network.
- Allow installation of only safe and secure applications on your network.
- To avoid insider attacks, establish privilege management and just-in-time access controls for users.
- Block malicious web extensions and web applications on your browsers to prevent browser-based attacks.
- Monitor and manage peripheral devices on your network to prevent data leakage.
- Back up your data at regular intervals.
- Have an anti-virus solution to detect hash-based attacks.
Enforcing these 10 security practices can be a bit difficult, especially in a school environment that often has limited resources dedicated to IT security. Not all security solutions let you follow all the practices mentioned above, so it can be even more difficult for the IT admins of schools and educational institutions, as they might need to maintain multiple solutions to achieve security.
ManageEngine Endpoint Central is a one-stop solution for fulfilling all your security and management needs. This cost-effective solution enables you to maintain and secure all the endpoints present in your network with its unified endpoint security features. Endpoint Central offers a plethora of security features that include:
Threat and vulnerability management
- Improve your security posture with integrated threat and vulnerability management by instantly detecting and remediating vulnerabilities.
- Enhance security by deploying security policies and mitigating system misconfigurations.
- Eliminate high-risk software to avoid data breaches by actively auditing your network.
- Roll out security patches after automatically testing them on your organisation’s network to thwart exploits.
- Implement automated patch deployment to easily roll out patches across your network.
- Patch OS and more than 850 third-party applications across multiple platforms.
Peripheral device security
- Manage and audit the usage of peripheral devices on your network.
- Enable file shadowing and file tracing, along with role-based controls for users.
- Allow, restrict, or remove devices based on the user’s requirements, and establish a trusted list of devices to maintain security.
- Discover all the applications running on your network.
- Allow only enterprise-approved applications across your network to enhance productivity and security.
- Establish privilege management to prevent insider attacks.
- Gain a holistic view of the multiple browsers used in your enterprise network.
- Implement a safe browsing experience for your end users by detecting and removing harmful plug-ins from your network.
- Lock down enterprise browsers, harden your browser settings, and filter out malicious web applications to stay safe from cyberattacks.
Data loss prevention
- Use predefined templates to discover all sensitive data, and classify them with data containerisation.
- Establish strict protocols for data access and transfer.
- Swiftly remediate false positives to enhance both productivity and security.
- Patented machine learning-based behaviour analysis to detect ransomware attacks accurately.
- Gain complete insights into the root cause of attacks while providing immediate incident response and preventing similar future attacks.
- One-click rollback of files via patented recovery process with Microsoft VSS.
Learn more about the unified endpoint security features in Endpoint Central and book a free demo with one of our solution experts.