Every three days K-12 schools are hit with a cybersecurity incident. In addition, experts say, as many as 10 or 20 times more undisclosed breaches could have occurred last year in the education sector, because many districts elect not to disclose such incidents to the public.
Sadly, there were at least 122 breaches in education last year.
Doug Levin, who is president of EdTech Strategies, a consulting firm, maintains a database of publicly disclosed K-12 cybersecurity incidents dating back to 2016. Since then, he has catalogued more than 415 incidents, which include:
- Denial of service attacks, including one at Mt. Zion School District in Illinois that disrupted access to the district’s computer network;
- Phishing scams, like what happened at Olympia School District in Washington state, where a fraudulent email tricked an employee into sending the sensitive information of district staff;
- Ransomware attacks, which typically infect a computer system with software that either blocks access or releases personally identifiable information unless the victim pays a ransom; and
- Unauthorized disclosures or data breaches, often caused by human error in the education sector, as was the case at the Pennsylvania Department of Education.
“I think it’s going to get worse before it gets better,” he said. I’m seeing what I would characterize as pretty significant events that are actually happening in schools today.” These events not only disrupt teaching and learning, Levin added, but can also cost districts up to six-figures to redress.
Sadly, attacks aren’t absent at higher education. In fact, Stanford University had its second breach in 15 months just this week. Sadly, personal information such as social security numbers were compromised.
Phish360 Phishing simulation and training, reduces successful phishing attacks.