The State of Cybersecurity in Education


While recent attacks on infrastructure have taken center stage, what is less publicized is the rise in cyberattacks on schools. In 2020, K-12 schools alone saw a rise of 18% to 408 breaches.[1] Indeed, schools faced a barrage of attacks such as data breaches, leaks, ransomware and phishing attacks, as well as an alarming new threat in the form of invasions of online classrooms.

In 2020 and 2021 ransomware attacks on schools and universities included:

  • Broward County Public Schools, Florida, the 6th-largest school district in the US, was hacked and threatened with leaking student and teacher information online if a $40 million ransom wasn’t paid. They did not pay the ransom.
  • Buffalo Public Schools, New York, was the victim of a cyberattack that forced the district to cancel classes for a few days until key systems, equipment and applications targeted were restored.
  • Rockwood School District in Missouri was the victim of a malware attack that shut down the entire network in the district with more than 21,000 students and 4,000 staff.
  • The University of Utah experienced a ransomware attack on its computer servers and paid more than $450,000 to an unknown hacker.
  • Hackers attacked the computer servers at the University of California, San Francisco (UCSF) School of Medicine. To regain access to their data, the school paid $1.14 million in Bitcoin.

The consequences of any cyberattack can be devastating and extremely costly, but an attack on an educational institution can also impact students’ personal information, research data, financial information, etc. All of this can be held for leverage or ransom, affect school operations and actually cause the school to shut down for a period during containment and recovery.

Why are schools targeted?

In 2021, the transition back to schools and universities from online learning often brought unauthorized technology used during online learning, as well as new personal devices, onto the school network. Additionally, tech-savvy students may have the latest devices, yet they often don’t follow good cyber hygiene practices such as password management, using MFA and installing software updates right away. These circumstances posed a challenge to IT departments, and an opportunity for cyber criminals, as these devices could unknowingly contain malware and bring it back to the school’s network or provide an entry point for hackers.

Other factors also make schools a target for malicious actors. Many organizations run on legacy systems that can’t protect them from evolving threats, because they lack the financial and staff resources that many large corporations have to keep systems up to date and all staff trained on cyber threats. In addition, apps and devices used by other school departments such as facility management, transportation, administration, etc., provide additional points of entry for cyber criminals. These factors leave the network vulnerable to cybercriminals.

Barriers to cybersecurity in education

The main barriers education institutions face stem from the aforementioned lack of resources. According to surveys from the Consortium for School Networking (CoSN), only one in every five school districts has a full-time staff person dedicated to cybersecurity.[2] Education leaders are left with the challenge of how to balance technology, personnel and risks when determining their cybersecurity investments.

Schools are also often breached by hackers who take advantage of the lack of cyber training for staff and students and aim their attacks at careless employees or students who trustingly reply, click on unknown links, or download files or unauthorized applications. The most common schemes are phishing and social engineering emails asking for credentials, payments or account details.


Top cyber threats to schools

What are the top cyber threats to schools and universities? Below are the most common threats schools need to monitor for and protect against.

  1. Phishing and social engineering

    Cyber criminals use tactics such as phishing and social engineering to entice people to unsuspectingly download malicious software and give them a path to enter the network. Phishing emails resemble the other emails reaching one’s inbox and may look like they are from a trusted source; however, there are tell-tale signs that the sender is a hacker:

    • Incorrect domain name in email address
    • Urgent or threatening language
    • Suspicious attachments or incorrect links
    • Misspelled words or grammatical errors
    • Mismatched URLs
  2. Third-party vendor issues

    To breach a district or university, malicious actors may hack a smaller vendor to infiltrate the school’s network. Like businesses, schools are digitally connected with many vendors having access to their systems to conduct business such as transactions, share information, etc. Hackers see these connections as a way to exploit vulnerabilities and access the school’s network.

  3. Unpatched and outdated software

    Installing all software patches and updates promptly is paramount to avoiding a breach. Once attackers are aware of a new vulnerability, they work to exploit it to gain access to the victim’s system and run their own malicious code on it.

  4. Internet of things (IoT)

    With different departments and audiences using a variety of tools in education, it can be hard to tell how many IoT devices are connected to the network at once. What is important is that they are all secure. If not, attackers can take advantage and find an entry point to the school’s network, putting academic and personal information at risk.
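
Three of the phishing signs listed under item 1 above (incorrect sender domain, urgent language, mismatched URLs) can be checked mechanically by a mail filter. The following Python is an added example, not part of the original article; the trusted domain `district.example`, the keyword list, the 0.8 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "district.example"  # assumption: the school's own mail domain
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
URL_TEXT = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

class Links(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_signs(msg):
    """Check lookalike sender domain, urgent wording, and link text/href mismatch."""
    signs = []
    domain = msg["From"].addresses[0].domain.lower()
    if domain != TRUSTED and SequenceMatcher(None, domain, TRUSTED).ratio() > 0.8:
        signs.append("lookalike sender domain: " + domain)
    body = msg.get_body(("html",))
    html = body.get_content() if body else ""
    if URGENT.search(f"{msg['Subject']} {html}"):
        signs.append("urgent or threatening language")
    links = Links()
    links.feed(html)
    for href, text in links.found:
        if URL_TEXT.match(text) and host(text) != host(href):
            signs.append(f"link text {host(text)} points to {host(href)}")
    return signs

SAMPLE = EmailMessage()  # constructed message, not a real capture
SAMPLE["From"] = "IT Help Desk <helpdesk@distr1ct.example>"
SAMPLE["Subject"] = "URGENT: verify your account"
SAMPLE.set_content('<a href="http://portal-verify.example/x">'
                   "portal.district.example</a>", subtype="html")
```

Calling `phishing_signs(SAMPLE)` returns one finding per sign; a message from the trusted domain whose link text matches its target returns an empty list.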

It’s time to protect schools

When it comes to network security, educational institutions already have unique challenges, starting with small IT teams and strict budgets. However, cyberattacks will continue to evolve and target educational institutions. To protect students, staff and valuable data, these challenges and barriers must be addressed and changed. Recently, the Biden Administration has enacted the K-12 Cybersecurity Act into law to enhance the cybersecurity of our Nation’s K-12 educational institutions. This law put into motion efforts by CISA to examine the cybersecurity risks associated with K-12 educational institutions as well as provide tools and guidance.

To help schools stay ahead of evolving threats and hackers, we’ve compiled our resources to keep schools’ networks, students and information safe from cyber threats.

Whitepaper – Addressing the Record Breaking Cyberattacks in Schools

Whitepaper – Finding the Balance Cipa Web Filtering for K-12

Whitepaper – Managing the IoT in Higher Education

Keeping Schools Safe: K-12 Network Security Checklist

NETWORK MAINTENANCE AND SECURITY – Guide for Schools and Districts

Incident Response Planning Checklist for K-12 Schools


1. K-12 Security Information Exchange