School and cyberthreats

A very troubling trend in recent years has been the rising number of cyberattacks targeting educational institutions. The United States, for instance, has seen school education become one of the most targeted sectors. According to the UK’s Information Commissioner’s Office (ICO), the number of attacks on schools increased by 55% from 2022 to 2023. A similar pattern is emerging globally. Let’s unpick what’s going on here, and look at the ways schools can defend themselves.

Why cybercriminals love school

Several factors contribute to the growing vulnerability of schools, making them attractive targets for cybercriminals:

• Dependence on technology. Educational institutions are rapidly becoming digital and are thus reliant on IT infrastructure both in the classroom and in schools’ administration offices. However, their cybersecurity practices are often sadly lacking.
• Valuable data. Schools store a wealth of sensitive information, including student and staff data, and financial records. Data breaches can have devastating consequences, and this data is exactly what attackers are after.
• Scarce resources. Schools often face tight budgets and a shortage of qualified IT professionals — especially in cybersecurity.
• Low user awareness. A great many computer users in schools have little cybersecurity nous. This means they’re susceptible to phishing attacks, malware infections, and other cyberthreats. Often, teachers aren’t much more cyber-savvy.

This all turns educational institutions into sitting ducks. What’s more, successful attacks attract plenty  of public attention, which gives cybercriminals leverage — particularly in ransom negotiations following a ransomware attack. The essential nature and social importance of educational institutions also play a significant role.

Sure, if a ransomware attack temporarily shuts a retail chain down, it’s unpleasant — but mostly just for the business itself; customers can generally go elsewhere quite easily. However, if a cyberattack disrupts a school, the consequences are far more serious. Students lose access to education, their academic performance suffers, and parents get landed with arranging childcare and other headaches.

Cyberattacks on educational institutions

Attacks on education are now so common that you don’t have to look far for examples of even large-scale incidents — just look at recent headlines. Not so long ago, a cyberattack targeted Highline Public Schools, a school district in Washington state in the US. The incident forced the district to temporarily close all 34 of its schools — affecting over 17,000 students. All educational activities, including athletics and meetings, were suspended.

In August of this year, the Singapore Ministry of Education announced that an unknown hacker had wiped clean 13,000 iPads and Chromebooks used by students across the country.

In June, the Toronto District School Board, which oversees nearly 600 schools in Canada’s largest city, was hit by a ransomware attack. In May, Western Sydney University, one of Australia’s largest universities with over 35,000 students, reported a hack on its IT infrastructure.

How to protect schools from cyberattacks

With the education sector firmly in the crosshairs of cybercriminals, schools’ IT systems need robust protection.

So how to get it? While large schools, colleges, and universities can allocate substantial budgets for enterprise-grade software and dedicated cybersecurity staff, smaller schools often lack these resources.

As a result, these schools sometimes resort to using security software intended for home use. However, this isn’t ideal. Such products aren’t designed for centralized management, so deploying them across numerous school computers, let alone managing them effectively, can become a major headache.

A far better solution for small schools would be a product designed for small and medium businesses (SMB), such as Kaspersky Small Office Security. Such security software offers all the essential features needed for basic security:

• Reliable protection against ransomware and other malware
• Automatic backups
• Password manager to protect accounts
• Vulnerability scanning and much more

Furthermore, SMB security solutions is easy to deploy, and it can operate on an “install and forget” basis — no dedicated IT or security specialist is required for setup and management.

To strengthen school cybersecurity further, we also recommend conducting staff training to raise awareness of cyberthreats. This is easy to set up with our Kaspersky Automated Security Awareness Platform, which helps slash both the time and cost of training.