Cyberattacks on Schools Spiked in 2020 Due to COVID-19 Pandemic
The pandemic “offered a profound stress test of the resiliency and security of the K-12 educational technology ecosystem,” a new report finds.
WASHINGTON D.C. — Cyberattacks on school districts across the United States spiked 18% year-over-year in 2020, as “schools increased their reliance on technology tools for teaching and learning over the course of late spring and early summer months,” a new report states.
The surge in cyberattacks on school districts likely due to the greater reliance on classroom technology during the coronavirus pandemic, according to “The State of K-12 Cybersecurity: 2020 Year in Review,” published by the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange.
The report cites there were 408 publicly disclosed cyberattacks on U.S. schools during the 2020 calendar year. That amounts to more than two attacks per school day. It is also the highest number of attacks since the K-12 Cybersecurity Resource Center first began tracking cyber incidents in 2016.
While denial-of-service attacks were the most reported type of cybersecurity incident (reported in 45% of cases), data breaches and leaks hit more than a third of schools (36%), followed by ransomware (12%) and phishing (2%). The remaining 5% consisted of all other types of incidents.
The pandemic “offered a profound stress test of the resiliency and security of the K-12 educational technology ecosystem,” the report states. “The evidence suggests that in rapidly shifting to remote learning school districts not only exposed themselves to greater cybersecurity risks but were also less able to mitigate the impact of the cyber incidents they experienced.”
The past year saw the introduction of a brand-new type of cyberattack: Invasions. “Class invasions,” also known as “Zoom raids” or “Zoom bombing,” included unauthorized people disrupting online classes, often with hate speech, sexual or shocking images, videos or threats.
So-called “meeting invasions” used similar tactics and were targeted mostly at PTA meetings, school board meetings, virtual open houses, and other events drawing relatively larger groups of people. And “email invasions” typically entailed breaking into district email servers and using them to send hate speech, distressing images, and other inappropriate content to many people on district email lists.
The pandemic may be a big part of the reason for the spike in cyberattacks, the report says. That’s because schools increased their use of technology dramatically beginning last spring, including by handing out thousands of new devices, using new platforms without a lot of training for teachers, and allowing educators to use free apps that hadn’t been carefully scrutinized for privacy and security factors.
School districts should review their plans for keeping tech operations running smoothly during future emergencies, the report advises.
“School districts should revisit their contingency plans for continuity of operations during emergencies, with a focus on IT systems used in teaching and learning and district operations,” the report notes. “While no one can predict whether another global pandemic will close schools to in-person learning, important lessons can and should be drawn from this experience to ensure that if such an event (or something like it) occurs again in the future, districts are better prepared.”
The 25-page report can be downloaded here.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!