If a grading scale existed for cyberattacks against K-12 schools in 2020, the hackers involved would probably see a few A's on their report card.
Successful cyberattacks on schools have skyrocketed during the pandemic, with nearly every school utilizing remote learning in one way or another.
In a joint report from the K12 Security Information Exchange and the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2020 a Year in Review, the cyber incidents involving schools are discussed and analyzed at length:
"Indeed, the 2020 calendar year saw a record-breaking number of publicly-disclosed school cyber incidents. Moreover, many of these incidents were significant: resulting in school closures, millions of
dollars of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud."
The chart below was also included on the first page:
The K-12 Cyber Incident Map is a visualization of cybersecurity-related incidents reported by U.S. K-12 public schools and districts from 2016 to the present.
In 2020, the map catalogued 408 publicly-disclosed school incidents, including a wide variety in the type of incident.
Here are the five most common types of incidents (followed by their relative percentage of overall cyber incidents):
• Denial of Service (45%)
• Data Breach/Leak (36%)
• Ransomware (12%)
• Other (5%)
• Phishing (2%)
The report notes that the "Other' category includes unattributed malware, class and meeting invasions, email invasion, website and social media defacement, and a wide variety of related and/or low-frequency incidents.
It also reports how the type of school and district plays a factor in whether or not it is likely to be targeted by hackers:
The study says there are a couple reasons this trend is observed. The first being that larger school districts typically have more technological devices and more students that use those devices. The second being that smaller school districts are less likely to publicly disclose a cyber incident and that smaller schools offer a smaller threat profile to cybercriminals
The report discusses how COVID-19 has impacted the number of cyber incidents in K-12 schools, and how there is a sharp difference in 2020 compared to other years.
Here is what it said looking back on cyber incidents in 2020 and how we can use this information to learn important lessons for the future:
"Calendar year 2020 offered a profound stress test of the resiliency and security of the K-12 educational technology ecosystem. The evidence suggests that in rapidly shifting to remote learning school districts not only exposed themselves to greater cybersecurity risks but were also less able to mitigate the impact of the cyber incidents they experienced. This suggests that school districts should revisit their contingency plans for continuity of operations during emergencies, with a focus on IT systems used in teaching and learning and district operations.
While no one can predict whether another global pandemic will close schools to in-person learning, important lessons can and should be drawn from this experience to ensure that if such an event (or something like it) occurs again in the future, districts are better prepared."
The report concludes by offering a summary of its findings and some recommendations for K-12 schools dealing with cyber incidents.
In particular, it notes three lessons that should be learned from looking at cyber incidents and trends from 2020:
For more information regarding cyber incidents in K-12 schools, you can read the full report.
And for further sharing of best practices in securing education, attend the SecureWorld Gov-Ed virtual conference on June 10, 2021.