Cyberattacks, specifically ransomware attacks, continue to be a constant threat to government agencies and educational institutions (SLED). In the last year, more than 100 state and local governments and educational institutions across the U.S. were victims of ransomware attacks. Despite investing heavily in traditional endpoint security solutions, institutions are vulnerable to ransomware and other cyberattacks. With a growing attack surface due to remote work and learning, agencies and educational organizations must look to proactive cyber solutions.
According to the 2020 Blackberry Cylance Threat Report, government agencies and educational institutions were one of the top ransomware targets. These attacks exploited data that educational institutions and agencies are responsible for keeping secure such as social security numbers and payment information. “Government and education in today’s market are prime targets for bad guys doing bad things in the cybersecurity realm,” said Marc Doniger, VP of SLED with Blackberry Cylance in a recent webinar. “The devices and interconnected systems, the way we deliver things in the government and education space, we are seeing an uptick in ransom.”
With limited IT resources, SLED staff are struggling to keep up with security issues. Staff now have anywhere from 10 to 18 different job responsibilities, explained Doniger. Schools and agencies are being asked to do less with more. So, the question becomes “where do I make an investment? Where do I make cuts?” he said.
For many these decisions, especially with such limited budgets, are tough to make. Without constant updates, or even replacing older technologies, data is more likely to be stolen. “For every hour an employee is down and unable to complete work due to a security issue, the county or school system is spending around $40,” he explained. This might not seem like much, but why you factor in multiple employees and multiple hours to regain full working ability, that cost adds up. “In the last year, over 500 schools have been hit by ransomware. The average cost was about $8.1 million,” Doniger said. And money isn’t the only setback, it takes about nine months to get back to full operating capacity, he explained.
With all these risks and obstacles, what can agencies and schools do? “It’s not an easy task to prevent these types of attacks,” said Rich Thompson, VP of Sales Engineering at Blackberry Cylance. With these attacks being dropped via email or document, they can be undetectable by standard security technology.
This traditional tech relies on patches to keep current. “Patches are great,” said Thompson. “But there are systems out there that don’t need patches. There are solutions that can detect ransomware before it launches against your environment.”
Detecting a potential ransomware attack before it infiltrates systems is critical. Not only will information, time, and money be saved, but the trust the public has for an organization. “Frictionless solutions that give you the protection you need” are what every agency and school should be looking for. Solutions should “give peace of mind and allow the users to do what they were hired to do, rather than be worried about security,” Thompson concluded.