2020 was a year like no other for K-12 school districts across the nation. Districts chose to move the classroom from a physical space to a virtual one to continue education while also keeping students, staff, and families safe. This arrangement called for rapid adoption of technologies, opening the door to cybercriminals. The rate at which districts adopted new procedures and tools left schools at risk for cyberattacks and criminals took advantage. Let’s take a closer look at the historical school cyberattacks that skyrocketed last year.

Record Number of Breaches

In 2020, school districts recorded 408 publicized breaches into their systems, an 18% increase over the previous year and breaking records for any prior year. The hacks were in the form of:

• Data breaches
• Ransomware and malware attacks
• Phishing emails are usually intended as an avenue for malware and ransomware installation.
• Denial of access to the programs used in remote learning

Data breaches and leaks made up a larger percentage of cyberattacks than ransomware, malware, and phishing. However, denial of access was the most significant threat, preventing users from gaining entry into remote learning programs in 45% of the cyberattack incidents.

In a new wave of vulnerabilities, school districts found themselves the target of unauthorized users who broke into their systems and interrupted learning and meetings. These invaders used the platforms to espouse hate speech, threaten violence and display obscene images, videos, and sounds. Educators and students required to log into district networks on personal devices for remote learning create new opportunities for a broader range of cybercrimes and invasions.

Inadequate Resources for Cyber Security

Districts were already stretched thin before COVID-19 and the subsequent shift to online learning. Very few districts had the resources to hire dedicated, full-time cybersecurity personnel. Only about 20% of the school districts have the appropriate personnel to address security risks.

In addition to inadequate funding to hire cybersecurity experts on staff, the cost to install security software is also cost-prohibitive. The price tag for a suite of security measures for K-12 school districts could be as high as $2.4 billion. Thus far, government support has been lacking, though Congress is introducing new legislation aimed at improving K-12 cybersecurity.

Ongoing Risks for Continued Cyberattacks

Cybercriminals are growing more adept at breaking into systems, making it difficult for security experts to stay on top of the threats even with adequate resources. They are taking advantage of artificial intelligence and 5G networks to gain access to sensitive information from a wide range of industries, including education.

Within the education realm, they have also learned to target their attacks in ways that are more likely to get results, such as sending out phishing emails — from addresses that appear legitimate — to high school students and teachers. Educators and school districts are already dealing with many issues, such as failure to educate lawsuits. For the foreseeable future, cybercrime is another challenge to add to the list.

About PGUI

Professional Governmental Underwriters, LLC , is a full-service risk management company dedicated to assisting public, educational and non-profit entities in the management of their professional liability exposures including educators liability insurance. We are dedicated to providing state-of-the-art professional underwriting management and loss control advisory services on behalf of our designated carriers. For more information, call us toll-free at (800) 586-6502.