IS YOUR DISTRICT READY FOR A CYBERATTACK ? If not , it ’ s time to prepare a response plan as ransomware , phishing and malware attacks are on the rise , especially on school districts . According to the K-12 Cybersecurity Resource Center , there were 408 publicly disclosed school incidents in 2020 , including student and staff data breaches , ransomware and other malware outbreaks , phishing attacks and other social engineering scams , denial-of-service attacks , and more – an 18 % increase from 2019 .
“ It ’ s certainly not new that schools have technology , but what is new is that schools rely on that technology in ways they never have before ,” says Doug Levin , founder of the K12 Security Information Exchange ( K12 SIX ). “ COVID has accelerated that trend even faster . Many schools provide devices to students and staff , and rely on online services like student information systems , human resource management systems , transportation management systems , point-ofsale systems in the cafeteria and more .”
Schools aren ’ t the only sector facing increasing cyberattacks , with Levin noting these incidents are at “ national crisis levels ” throughout the country . Major attacks can be seen across the headlines , including an oil pipeline that led to supply disruptions for several states throughout the southeast . However , the combination of increased reliance on technology with little flexibility for downtime , along with school resources and technology that may not be best set up to respond to and prevent these types of attacks , is causing higher rates of cyberattacks throughout the state .
“ Schools rely on technology now like they never have before ,” says Levin , “ and as a result , what may have been an inconvenience , is now a crisis .”
An increasing risk
There are many different types of cyberattacks that can be common in schools , says Levin . Some cyber incidents are attacks that are carried out by people outside of the school district . In rarer cases , it ’ s caused by someone within the school district , “ like a disgruntled employee or mischievous student ,” says Levin . It can also be the case that a simple error by an employee or school vendor may mean that data is breached or disclosed to an unauthorized user .
While not every cyber-related incident is brought about by a malicious or criminal actor , there are essentially two broad ways that schools are compromised
Kendal ( Gapinski ) Kloiber is a freelance writer living in Lancaster , PA .