Cyber attacks are on the rise, and schools are becoming targets more often.
Why schools? An article in Forbes reports that the answer comes down to money—schools manage more than enough money to become an appealing target for criminals. And it’s only going to become more common: Alyson Klein reports in her article in EdWeek that the problem is only increasing as schools rely more and more forms of technology. As for who is carrying out these attacks, it depends on the case: anyone from bored students to offshore criminals can find a reason to attack a school’s files.
Understanding Types of Cyberattacks
Ever gotten an email from someone claiming you’d won a cash prize? Or maybe a text message from someone pretending to be a company you know, like Netflix, asking you to reset your password? These are forms of phishing, and they represent just one way cybercriminals can attempt to get private data.
Phishing is a form of fraudulent solicitation via email or on a website. It can prompt someone to enter personal information while masquerading as a trustworthy entity.
Often called simply a “hack,” a data breach is when an unauthorized person gains access to sensitive, confidential, or protected information stored by your school.
A ransomware attack is when cyber criminals use malicious software to break into a school’s network and encrypt the data—so your school can no longer access it. As the word “ransom” suggests, they say they will only release the files back to the school if a certain amount is paid first. According to CNN, schools with limited cybersecurity measures are often the most vulnerable to ransomware.
This is known as a “crash”—when cybercriminals infiltrate a network with so many requests, it stops responding. This blocks those that need the network from being able to use it.
Pranks, Invasions, and Hacktivism
Online learning has given rise to pranks like “Zoombombing,” where an outside person gets into an online class and disrupts it with inappropriate—or even hateful— messages or images. Such pranks—which seem to stem solely from the desire to disrupt—can also occur in parent meetings, online performances, and over email. “Hacktivism” involves similar tactics and protests against school policies or changes.
What’s the Impact to Your School?
As a new academic year begins, a school district in Prince George’s County, Maryland, implemented new security measures to ensure the safety of its students. However, even before the school year started, the district fell victim to a cyberattack, highlighting the growing threat of ransomware attacks on educational institutions. The attack on Prince George’s County Public Schools followed a pattern seen in other districts, where threat actors infiltrate the computer network and demand a ransom for stolen data.
“Schools have this delicious trove of data and do not have the same protections as banks and other for-profit businesses,” says expert Jake Chanenson, lead author of a University of Chicago report on school district cyber risks.
In August 2023 alone, 11 K-12 school systems were targeted by ransomware gangs, and several more have reported attacks in the early months of the school year. (Read more about how the district responded to the attack and what it means for your school here: “It’s Back to School for Cyber Gangs, Too”)
Often, schools must close during a cyberattack. According to a U.S. Government Accountability Office (GAO) survey, “loss of learning following a cyberattack ranged from 3 days to 3 weeks, and recovery time could take anywhere from 2 to 9 months.”
GAO reports losses due to cyberattacks are significant. They include replacing computer hardware and enhancing cybersecurity to prevent future attacks.
Learning Loss and Other Harm
Cyberattacks disrupt learning with their impact on students, their families, and teachers. If systems are down, teaching and record-keeping cannot be conducted as planned. A 2020 GAO study found that breached grades, bullying reports, and social security numbers left students “vulnerable to emotional, physical, and financial harm.”
What You Can Do
The number of cyberattacks against schools is staggering: GAO reports that in 2020 there were 1,196,000 ransomware attacks alone. (Their reports include a list of the most notable incidents over the last few years, which you can find here: “As Cyberattacks Increase on K-12 Schools, Here is What’s Being Done.”) Many law and policymakers are calling for better support around cybersecurity for schools. President Biden signed the K-12 Cybersecurity Act in October of 2021, in an effort to ensure that school systems are equipped with the knowledge and resources to protect themselves. (Find the full article here: “Cyber Attacks on Schools: Who, What, Why, and Now What?”)
Free Guide Download
The good news is that you can mitigate the risk to your school. But navigating two-factor authentication, backup data, and secure logins can be daunting for school leaders already stretched so thin. You can get the support you need by accessing our FREE guide on Cybersecurity: Charter School Cybersecurity Guide – Charter School Capital.
About the Author
Mohammad Ahmed is the founder and CEO of Infinity Technologies, offering technology solutions to schools, healthcare facilities, and government agencies. He holds an MBA in management information systems and has over 20 years of professional IT experience.
- It’s Back To School For Cyber Gangs, Too | The 74
- Schools Are Getting Hit Hard By Cyberattacks. What Can They Do About It? (forbes.com)
- 12ft | School Cyberattacks, Explained Edweek.org
- US government warns ransomware attacks on schools may increase | CNN Politics
- As Cyberattacks Increase on K-12 Schools, Here Is What’s Being Done | U.S. GAO
- Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm | U.S. GAO
- Critical Infrastructure Protection: Additional Federal Coordination Is Needed to Enhance K-12 Cybersecurity | U.S. GAO
- Cyber Attacks on Schools: Who, What, Why, and Now What? | Government Technology