Once again ransomware in education has made the news – a worrying trend which has now seen stolen credentials from the second largest school district in the US (LAUSD) published for sale on the dark web.  

But the problem is not confined to US borders, and the UK is not immune. In August, TechMonitor reported that Russian ransomware gang Hive had threatened to leak the personal information of students from Wootton Academy Trust, sharing a £500,000 ransom demand. It’s just one example of ongoing efforts by cybercriminals to monetise the exploitation of the sensitive data of young people in the UK.

We’re sure that, as for many across the education sector, securing yourself against ransomware is high on your priority list, and for good reason. The NCSC’s recent Annual Review announced that ransomware is the number one cyber threat facing enterprises and SMEs (small-to-medium enterprises) alike in the UK.

While these statistics and stories are alarming, they can serve as cautionary tales for the UK education sector. Here, we share our top 3 pieces of advice for professionals in the education sector who want to defend their organisation against ransomware. 

1. Make regular back-ups 


Backup and recovery solutions can often be an afterthought for education organisations when it comes to cyber security, but they are vital for defending yourself against ransomware. In fact, fresh research from Veeam found that the average ransomware victim loses 17% of their data per attack. In the event an organisation pays a ransom (something not recommended by the NCSC), the recovery of stolen data is very slow, and it is often only partial or fails entirely.

Our advice is to create and regularly test a robust backup strategy to ensure your data is protected and its integrity is intact. Confirm your data backup is reliable using random test restores which systematically check different types, sizes, and locations of files along with the frequency of the restore process. 
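One way to run the random test restores described above, as an added example (not from the original article or any vendor tool): hashes are recorded in a manifest at backup time, then a random sample spanning every location, file type and size band is checked against the restored copy. The function names, size bands and sample files are assumptions made for illustration.

```python
import hashlib, random, tempfile
from pathlib import Path

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream large files
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Run at backup time: relative path -> (size, sha256) for every file."""
    return {p.relative_to(root).as_posix(): (p.stat().st_size, sha256(p))
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def stratum(rel, size):  # (top-level folder, extension, size band) of a file
    band = "small" if size < 64 * 1024 else "medium" if size < 16 * 2**20 else "large"
    return (rel.split("/")[0] if "/" in rel else ".", Path(rel).suffix.lower(), band)

def pick_sample(manifest, per_stratum=1, seed=None):
    """Random sample covering every location/type/size combination."""
    rng, groups = random.Random(seed), {}
    for rel, (size, _) in sorted(manifest.items()):
        groups.setdefault(stratum(rel, size), []).append(rel)
    return [rel for key in sorted(groups)
            for rel in rng.sample(groups[key], min(per_stratum, len(groups[key])))]

def verify_restore(manifest, restored_root, sample):
    """Return (path, problem) for each sampled file that did not restore intact."""
    failures = []
    for rel in sample:
        restored = Path(restored_root) / rel
        if not restored.is_file():
            failures.append((rel, "missing from restore"))
        elif sha256(restored) != manifest[rel][1]:
            failures.append((rel, "hash mismatch"))
    return failures

def demo():  # constructed data: the restore has one corrupt and one missing file
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        files = {"staff/pay.xlsx": b"a", "staff/plan.pdf": b"b" * 70000, "pupils/reg.csv": b"c"}
        faulty = {"staff/pay.xlsx": b"corrupt", "staff/plan.pdf": b"b" * 70000}
        for root, tree in ((live, files), (restored, faulty)):
            for rel, data in tree.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        manifest = build_manifest(live)
        return verify_restore(manifest, restored, pick_sample(manifest, seed=1))
```

Checking against a manifest taken at backup time, rather than against the live files, means files that legitimately changed after the backup are not reported as failures.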

2. Improve cyber defences to secure cyber insurance 


According to Sophos, cyber insurance often covers some costs for education organisations in the event of a ransomware attack.  

The catch? The education sector has a low rate of cyber insurance coverage for ransomware and securing quality cyber insurance is hard. Sophos’ The State of Ransomware in Education 2022 whitepaper suggests that fewer companies are providing cyber insurance coverage as it’s becoming more and more unprofitable for them. It’s now a seller’s market, where insurance providers are pulling the strings and refining a very stringent set of selection criteria about the types of organisations they cover.  

The best way to secure a solid cyber insurance policy is by boosting your security controls and reinforcing the strength of your defences, thereby reducing the risk to the providers still offering this product. In the first instance, you can assess the maturity of your defences using a Security Controls Review. It’s one of the only ways you can boost your chances of securing the coverage you need. 

3. Disrupt cyber-criminal attack paths with the right tools 


The NCSC recommends a ‘defence in depth’ approach. That means cyber security professionals should assume that their organisation will be breached with malware at some point in time. Therefore, it’s important to implement measures that prevent ransomware from running.  

An important step is to search for hidden weaknesses in your Active Directory (AD) configurations, because successful breaches are usually followed by attacks on AD. The main threats that arise when cybercriminals access your AD include:

  • The ability to escalate privileges
  • Ways to move laterally
  • Places to install malware after they’ve gained access to your network via phishing or a vulnerability
  • Data exfiltration

Attackers can and will hide these activities from logs and other monitoring tools. A tool like Tenable.ad can help you monitor changes in your AD with boosted visibility, predict which weaknesses pose the biggest risk, and take action to eliminate attack paths before cybercriminals exploit them. 

An offer from Tenable.ad 


To help you in the battle against ransomware in education, Tenable is offering a huge cost saving by excluding student Active Directory accounts from your licensing**. The offer runs only until the end of 2022.
 

Don't worry, they will still scan them and ensure your entire Active Directory is secure, but you won't have to pay for them!  

Tenable has already helped Higher Education customers secure their Active Directory this year by giving them full visibility of their AD infrastructure and allowing them to break the attack paths that have been created over the years. 

With that in mind, Active Directory needs to be one of your top considerations, as shown in the Tenable report "6 Steps For Defending Against Ransomware".

** Minimum of 2000 T.ad licenses to qualify for the promotion.

Contact us to take advantage of this promotion, or to discuss concerns about your Active Directory. 

 

Author

Rhiannon Kenyon