If a grading scale existed for cyberattacks against K-12 schools in 2020, the hackers involved would probably see a few A's on their report card.
Successful cyberattacks on schools have skyrocketed during the pandemic, with nearly every school utilizing remote learning in one way or another.
In a joint report from the K12 Security Information Exchange and the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2020 a Year in Review, the cyber incidents involving schools are discussed and analyzed at length:
"Indeed, the 2020 calendar year saw a record-breaking number of publicly-disclosed school cyber incidents. Moreover, many of these incidents were significant: resulting in school closures, millions of
dollars of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud."
The chart below was also included on the first page:
Analysis and trends of cyber incidents in K-12 schools
The K-12 Cyber Incident Map is a visualization of cybersecurity-related incidents reported by U.S. K-12 public schools and districts from 2016 to the present.
In 2020, the map catalogued 408 publicly-disclosed school incidents, including a wide variety in the type of incident.
Here are the five most common types of incidents (followed by their relative percentage of overall cyber incidents):
• Denial of Service (45%)
• Data Breach/Leak (36%)
• Ransomware (12%)
• Other (5%)
• Phishing (2%)
The report notes that the "Other' category includes unattributed malware, class and meeting invasions, email invasion, website and social media defacement, and a wide variety of related and/or low-frequency incidents.
It also reports how the type of school and district plays a factor in whether or not it is likely to be targeted by hackers:
- "Larger school districts are at a significantly greater risk for experiencing a cyber incident than other types of school districts, as are school districts located in more densely populated parts of the county.
- Small and rural school districts may be less likely to experience a cybersecurity incident."
The study says there are a couple reasons this trend is observed. The first being that larger school districts typically have more technological devices and more students that use those devices. The second being that smaller school districts are less likely to publicly disclose a cyber incident and that smaller schools offer a smaller threat profile to cybercriminals
The impact of the pandemic on cyber incidents in K-12 schools
The report discusses how COVID-19 has impacted the number of cyber incidents in K-12 schools, and how there is a sharp difference in 2020 compared to other years.
Here is what it said looking back on cyber incidents in 2020 and how we can use this information to learn important lessons for the future:
"Calendar year 2020 offered a profound stress test of the resiliency and security of the K-12 educational technology ecosystem. The evidence suggests that in rapidly shifting to remote learning school districts not only exposed themselves to greater cybersecurity risks but were also less able to mitigate the impact of the cyber incidents they experienced. This suggests that school districts should revisit their contingency plans for continuity of operations during emergencies, with a focus on IT systems used in teaching and learning and district operations.
While no one can predict whether another global pandemic will close schools to in-person learning, important lessons can and should be drawn from this experience to ensure that if such an event (or something like it) occurs again in the future, districts are better prepared."
Recommendations for cyber incidents in K-12 schools
The report concludes by offering a summary of its findings and some recommendations for K-12 schools dealing with cyber incidents.
In particular, it notes three lessons that should be learned from looking at cyber incidents and trends from 2020:
- "School districts should devote resources to better vetting the security policies and practices of all their vendors at the time of procurement and periodically over the life of a contractual relationship. On the flip side, school service providers have an opportunity to differentiate themselves in the education market by focusing on meaningful security features.
- Until school districts have the resources and infrastructure in place to support them in implementing cybersecurity programs, general federal and/or state cybersecurity guidance—in the absence of resources to implement such guidance—is unlikely to be acted upon in a timely manner, if at all.
- Awareness and implementation of basic cybersecurity hygiene practices for students, for staff, and for school district vendor staff will be instrumental to making progress in securing the K-12 ecosystem of IT applications and services."
For more information regarding cyber incidents in K-12 schools, you can read the full report.
And for further sharing of best practices in securing education, attend the SecureWorld Gov-Ed virtual conference on June 10, 2021.