May 23, 2022 | Lynn Schear
You’ve likely seen news stories on data breaches occurring in hospitals, banks and retailers. Or perhaps you’ve received an alert from a company where you’ve made a purchase or received a service. Cybersecurity is a concern in any industry that involves gathering and storing valuable information. As more organizations conduct operations digitally, cybersecurity is important for keeping information secure.
Despite the education sector facing its own slew of challenges, such as lack of staffing and funding resources, cyberattacks still happen and the number of attacks is growing every year. More than 1,000 educational institutions suffered ransomware attacks in 2019 alone, and that number has only increased as many schools shifted to online learning during the pandemic. The sector also continues to expand its use of technology for administrative needs and student learning, increasing opportunities for attacks.
According to CBC, ABC13 and GAO.gov, schools that have been hit by a ransomware attack may end up paying a significant fee to restore their data – like the University of Calgary, which paid CA$20,000 in bitcoin after an attack that also affected multiple U.S. computer networks and caused an estimated $30 million in damage, or the 10,000+ student school district in Texas that paid nearly $207,000 when attackers locked critical software systems. In an example of a phishing scam, a Kentucky school district received a fraudulent email that looked to be from a legitimate vendor and mistakenly paid a $3.7 million invoice to the attackers.
Why education is a prime target for cybercriminals
Similar to healthcare, educational institutions vary in size, scope and location. It’s not a one-size-fits-all cybersecurity approach. A cybercriminal’s motive for attacking a college or university won’t necessarily be applicable to an elementary school.
Some of the reasons cyberattacks occur in the education sector include:
Schools store a great deal of personal information and valuable research data. They are often vulnerable to attacks due to more limited budgets and lack of IT staff. According to a CoSN study, only a fifth (21%) of districts have a full-time employee dedicated to network security. Because educational institutions provide valuable resources to their communities, attackers know they can’t afford to shut down and may be more likely to pay a ransom.
How is education targeted?
Based on the Verizon 2021 Data Breach Investigations Report, external attacks pose a greater risk, making up 80% of breaches, than internal threats of misuse or human error by students or staff. The majority of reported ransomware attack victims during the 2020 school year were K-12 schools.
There are several ways that hackers and cybercriminals attack schools, but among the top methods are:
Tips for securing school networks
According to Education Week, school districts may serve thousands of students and work with hundreds of technology vendors. Such a wide-reaching network can be difficult to manage and secure.
In some schools, cybersecurity is a job responsibility for one or more staff members. Other schools choose to outsource management to another organization that has expertise in cybersecurity. Either way, districts will need more funding to keep their networks secure.
With so many cybersecurity challenges currently and potentially facing the education market, it’s important to ramp up security efforts and IT teams now more than ever. Here are some areas of focus:
Cybersecurity continues to be a top priority – and a major concern – for school districts and IT leaders. Marketers who can provide solutions to the issue of cybersecurity have an opportunity to help. School districts are looking for ways to increase their security efforts through education, training, insurance and technology. To connect with key decision-makers, tap into the MCH education database and identify relevant institutions and IT contacts that would benefit from your products and services.
Need More Time?
Due to inactivity, you will be logged out within 5 minutes.
To stay logged in, please select Stay Logged In.