Education received the highest amount of ransomware attacks this year, followed by government and health care, according to a BitSight report.
At least one in 10 education institutions experienced ransomware on their networks. Also, 67 government organizations and 133 health care companies have been affected in the past year.
The rate of ransomware has more than tripled in the education and government industries, and almost doubled in the health care, energy, retail, and finance industries in the past year, according to BitSight.
Education institutions show the lowest security ratings of the surveyed industries due to smaller IT teams, budget constraints, and a higher rate of sharing over their networks. Fifty-eight percent of education organizations have some type of file sharing on their networks. Networks often contain access to Social Security numbers, medical records, intellectual property, and financial data, which makes these systems prime targets for attacks.
The University of Calgary was hit with a malware attack earlier this year and paid $20,000 for the release of its encrypted email server. Ransomware has the potential to become more targeted and destructive with ransoms that vary based on the value of the data collected, according to BitSight.
BitSight recommended that companies prescribe email security protocols, monitor key third parties, track security ratings, and avoid peer-to-peer file sharing on networks.
Companies should train their employees to alert management if they encounter an email that they believe is suspicious, be aware of security risks to third parties that they share data with, ensure their systems are not vulnerable to attacks on sensitive information, and confirm that employees don’t illegally download software.