Reviewing Best Practices in Ransomware Defense for Colleges

Reviewing Best Practices in Ransomware Defense for Colleges

DF Hero Build

Due to a recent rise in ransomware attacks on higher education institutions, the California Community Colleges (CCC) Chancellor's Office and the CCC Information Security Center delivered an October webinar on the topic.

During the hour-long session, information security experts reviewed the current methods of ransomware attacks and the best practices for defending the college and district. Among the presenters were Barney Gomez, vice chancellor of the CCC Digital Innovation & Infrastructure Division; Aamir Khan, chief information security officer of the CCC Technology Center; Stephen Heath, executive consultant of information security from the CCC Chancellor's Office and special guest Sheri Willis from The College of the Deserts.

Ransomware is a type of malware used by hackers to block access to computer networks and files unless a ransom is paid. Often, ransomware is the result of phishing emails, which trick users into clicking a link and inadvertently downloading malicious software. According to Verizon’s 2020 Data Breach Investigations Report, ransomware accounted for approximately 80 percent of the 819 incidents reported in the educational services sector in 2019—up from 48 percent the previous year.

Higher education is particularly vulnerable to ransomware attacks because of the need to support a diverse group of off-campus users—including researchers, students, faculty and staff. In 2019, 89 colleges and universities were hit with ransomware attacks, according to software provider Emsisoft. So far this year, at least 30 higher education institutions have reported ransomware incidents. Recent victims have included Michigan State University, Regis University and University of California San Francisco, which in July, paid out $1.1 million to its attackers—one of the largest ransoms ever paid in the public sector.