Educating staff is crucial to schools’ cybersecurity strategies

Eighty-two percent of the more than 5,000 K-12 public schools and districts considered in a recent study experienced a cyberincident between July 2023 and December 2024.

The findings, detailed in a new report published by the Center for Internet Security in partnership with the Consortium for School Networking, show that “cyber threat actors appear to be increasingly targeting schools during critical periods like exams, times when the pressure to maintain operations makes schools far more vulnerable to ransom demands.”

“The trend toward attacks that target human vulnerabilities highlights the adaptability of threat actors, who are now exploiting the inherently supportive and trusting characteristics of educational settings,” the report states. “Teachers, administrators and support staff, whose primary focus is helping students succeed, now find themselves on the front lines of cybersecurity defense.”

Almost 14,000 security events took place in the 18-month period and there were more than 9,300 confirmed incidents. An analysis of data from the school systems also found that bad actors target human behavior 45 percent more often than technical vulnerabilities. Malvertisements, defined as online advertisements that incorporate malware, were the most common malware infection vector.

When cyberattacks disrupt operations like meal programs, counseling services, special education, opportunities for student development and other resources, the communities that schools serve are affected, including working parents who may need to take time off work to care for their children if a school must temporarily close.

“This disruption particularly affects communities where the school system forms the backbone and routine structure of daily economic activity. A cyberattack on a school doesn’t just impact education — it has an outsized effect on the stability and well-being of entire communities,” the report asserts.

According to the analysis, “the most resilient schools embrace a collaborative approach, leveraging partnerships and shared resources to protect their communities.”

The report offers recommendations for local educational agencies to best protect themselves and their communities, including:

  • Empowering individuals by creating a culture of cyber-empowerment and going beyond traditional awareness of cybersecurity
  • Developing a technical framework including essential security controls and service continuity planning
  • Creating partnerships to bolster organizational capabilities and implementing professional development
  • Fostering community resilience through communication strategies and service protection