PETALING JAYA: The education sector is among the most vulnerable to ransomware threats globally, said Microsoft Malaysia national technology officer Dr Dzahar Mansor.

He said there had been increased dependency on technology for learning, especially during the Covid-19 pandemic that created more opportunities to monetise ransomware-based cyber-attacks.

As of Dec 3, the education sector was the most affected by cyber threats with over 6.1 million (6,177,185) cases reported globally, according to Microsoft.

Other vulnerable industries in the top five were business and professional services, retail and consumer goods, financial services and insurance, and healthcare and pharmaceuticals.

A recent report by NordLocker revealed that education – alongside construction, manufacturing, finance, and healthcare – was among the top five industries most likely to be targetted by ransomware gangs.

An analysis of 1,200 companies hit by cyber extortion between 2020 and 2021 revealed that ransomware is most widespread in these five sectors, said the end-to-end encryption software company.

NordLocker cybersecurity expert Oliver Noble said education organisations could be enticing to cyber racketeers because of the overwhelming amount of personal student data they get to take hold of to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live.

“This is very appealing to hackers who sell stolen credentials and PII (personally identifiable information) on the dark web,” Noble shared.

He added that schools and universities usually lack digital protection as their systems might run on outdated software, as demonstrated during the sudden shift to remote learning at the beginning of the global pandemic.

“Hackers look for the weakest link, and unpatched vulnerabilities in an organisation’s system or unsecured Wi-Fi network which don’t usually take long to find.”

“Since education institutions can’t risk having their activities put to a standstill, damaging their reputation and losing students, hackers have a good chance of having their ransom demands fulfilled,” he said in a statement last month.

The State of Ransomware in Education 2021 – a global survey by cybersecurity firm Sophos – found that 44% of 499 respondents from the education sector were targetted by cyberattacks last year, with 58% of respondents saying cybercriminals succeeded in encrypting their data.

According to online reports, the exponential growth in cyberattacks in the United States’ higher education sector prompted the FBI’s Cyber Division to issue a warning to institutions in March.