LIVE @ ISTE 2024: Exclusive Coverage

IT leaders should leverage modern innovations like AI and machine learning to ensure ransomware protection for education institutions.

Education must keep pace with evolving ransomware

IT leaders should leverage modern innovations like AI and machine learning to ensure data protection for faculty, staff, students and the institution as a whole

Despite the alarming rise of ransomware incidents in 2022, many education institutions still fail to address gaps in their protection protocols. A Sophos survey found that 64 percent of higher education and 56 percent of lower education institutions were hit by ransomware over the past year.

These statistics should raise some red flags as the education sector continues to lag behind in cyber defense practices, making them one of the most vulnerable industries. If an educational institution is attacked, administrators often don’t have the resources to respond, due in no small part to staffing shortages.

Administrators and IT leaders across the education sector need to leverage modern innovations like AI and machine learning (ML) to ensure data protection for faculty, staff, students and the institution as a whole. Let’s take a closer look at why education is so vulnerable and how school administrators can implement preventative and restorative measures to curb long-term effects.

The walls of protection continue to crumble in education

From 2020 to 2021, ransomware attacks on educational institutions jumped by 44 percent. These institutions are already–and will increasingly become–a target for ransomware. It’s no longer about if; it’s when, and various districts are learning from unfortunate experiences.

For example, the L.A. United School District (LAUSD) suffered a ransomware attack in September 2022. While the more than 400,000 K-12 students could continue attending class, the attack crippled several critical infrastructure capabilities like staff and student email. The Cybersecurity and Infrastructure Security Agency (CISA) eventually uncovered that the hacking group Vice Society was responsible for the attack, but not until they had already leaked thousands of sensitive and confidential documents, representing a significant security threat for students, employees, alums and parents. While this is the second large-scale ransomware attack against LAUSD, it is still unclear if the school district has taken steps to bolster cybersecurity moving forward.

In this case, LAUSD did not pay a ransom–a critical decision and one that we strongly recommend to any organization in a similar situation. Organizations should never pay a ransom when attacked by cybercriminals. If organizations do comply with ransom demands, bad actors often replicate the attack on a larger scale to get more money. Or, they fail to hold up their end of the bargain, and they take the money and data and run. However, not updating cybersecurity protocols following an attack is a missed opportunity. Here’s how other educational institutions can avoid making the same mistake as LAUSD.

Don’t drop the ball on preventative and restorative measures

While the innovation surrounding AI and ML enables ransomware attacks to become more sophisticated, it also helps IT leaders and school administrators combat these growing threats. The key is to implement AI and ML technology sooner than later and follow through on long-term maintenance.

But where to start? According to InterVision research, most business leaders feel that ransomware is the top threat to security, but they need help determining the best approach to securing their systems. Many want to move fast to patch the immediate threat and fix more significant issues later, but the reality is: a holistic approach to cybersecurity requires both methods.

The hesitancy to implement a comprehensive cybersecurity protection plan is understandable. School administrators are stretched thin. But here’s a little secret: the best cybersecurity plans are not typically designed and deployed in-house. Many organizations outsource to trusted third-party strategic service providers that can provide consistent monitoring and adjustments based on years of industry experience. The right provider will also offer a more tailored solution, typically leveraging Ransomware Protection as a Service (RPaaS). For education institutions, this is particularly important given the consistent use of multi- cloud and hybrid environments still using on-prem data storage.

With early implementation and the right partner, administrators and IT teams can focus more on initiatives that impact the lives and education of students, faculty and staff and less on dealing with cyber breaches and ransomware attacks. It’s time for education leaders to review their options, as ransomware will only continue to rise in 2023.

In cybersecurity, balancing vigilance with access
How a cloud-based ERP helps schools innovate and be nimble

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Latest posts by eSchool Media Contributors (see all)

Want to share a great resource? Let us know at

New Resource Center
Explore the latest information we’ve curated to help educators understand and embrace the ever-evolving science of reading.
Get Free Access Today!

"*" indicates required fields

Email Newsletters:

By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.