- A recently released report from the K-12 Cybersecurity Resource Center reveals that 122 incidents were reported at K-12 schools in 2018, though the author of the report, EdTech Strategies President Doug Levin, told EdSurge that he feels as many as 20 times as many cybersecurity incidents were unreported.
- The incidents include denial of service attacks, phishing scams, ransomware attacks — all of which largely come from outside sources — and unauthorized disclosures or data breaches, which are often the result of human error. These events not only inconvenience districts and disrupt learning, but can cost thousands of dollars to correct, Levin said.
- While all school districts are at risk of attack, more affluent districts are more at risk — possibly because wealthier districts rely more on technology. Levin also noted that there is no easy solution, as even major companies with larger cybersecurity budgets struggle to protect themselves from such threats.
Schools are an attractive target for hackers, because, as a Huffington Post article noted, educational systems are a “virtual buffet of valuable data.” And as this most recent report highlights, cyberattacks on K-12 schools and districts are no longer a rare occurrence. In fact, the Federal Bureau of Investigation released a public service announcement in September warning about “cyber threat concerns related to K-12 students” as reliance on educational technologies and collection of student data grows.
But these attacks aren't just related to student data: employee data is also highly sought after. According to Verizon’s 2018 Data Breach Investigation Reports, hackers have a number of reasons for accessing data in the education sector.
“Social engineering scams are targeting your employees’ personal information, which is then used to commit identity fraud. Your highly sensitive research is also at risk — 20% of attacks were motivated by espionage. But sometimes the threats aren’t about stealing data for financial gain — 11% of attacks have “fun” as their motive,” the report noted.
The government does play a role in improving cybersecurity issues, and most states have already passed stronger laws to address the issue. However, funding for increased cybersecurity for schools needs to be prioritized — a difficult task when there are so many other education priorities that demand attention. But the issue cannot the solved by money alone, Levin noted in his recent report. It will also require “enhancing the capacity of the K-12 community to share timely information, build a knowledge base, and identify and promulgate promising policies and practices”, Levin said, which is why the K-12 Cybersecurity Resource Center was launched.
As funding solutions are sought and more complex protocols are developed to deal with the issue, schools can still take immediate steps to improve cybersecurity, Ed Surge reported in 2017. Among them are making sure patches and updates for software in use are installed regularly, that the importance of strong passwords is emphasized, and that students and staff are trained to be skeptical of all links and attachments in emails.