Privacy & Security

Cyberattacks Are Up. The Feds Must Help Schools Cope, Watchdog Agency Says

By Alyson Klein — November 17, 2021 2 min read
Gloved hand reaching into a laptop screen hacking someone's account.
  • Save to favorites
  • Print

The U.S. Department of Education’s more-than-a-decade old plan to help protect schools from digital threats needs a rethink, as cyberattacks rise and new threats emerge, concludes the Government Accountability Office, Congress’ watchdog arm, in a report out this month.

Since 2010, when the plan was last updated, K-12 schools have dramatically ramped up their use of education technology, leaving their systems more vulnerable to threats. That’s been particularly true during the COVID-19 pandemic, which forced schools to switch over to online learning at lightning speed.

“The efforts that the schools had to go through last year to convert from in-person to virtual learning put a lot of strain and stress on the technology services that they either had or they needed to acquire very quickly,” said Nick Marinos, a director on the GAO’s Information Technology and Cybersecurity team in an interview with Watchdog Report, the GAO’s podcast. “In other cases where we’ve seen entities have to rush to put forward technology, cybersecurity often can be an afterthought or something that might not get attention until, unfortunately, an attack or an incident occurs.”

These attacks can carry a high price tag. Marinos cited a school district in Florida that was targeted by a criminal group in March. The group encrypted the district’s data and demanded a $40 million ransom to decrypt it. And back in 2019, a Kentucky school district got a fraudulent email that appeared to be from a vendor. The school ended up paying a $3.7 million invoice which went directly to an attacker.

All-in-all, 408 attacks were publicly reported in 2020, an 18 percent increase over the previous year, according to data from the Cybersecurity Resource Center that was cited in the report.

The department has taken some steps to help schools get their arms around these threats, GAO reported. The agency published guidance to help students and parents prepare for a cyberattack. It also put out guidance for schools on best practices in online learning. And it has provided schools with some resources, including training drills that have already been successful in other districts.

But “even though federal agencies do already provide a variety of products and services to help schools protect themselves against cyber threats, it’s time for them to ensure that these efforts meet current needs,” Marinos said.

Specifically, the report asks the Education Department to consult with the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) to figure out how to update its plan for K-12 schools. And the GAO called for the Education Department to consider whether additional guidance is needed to protect teachers, parents, and students from cyberthreats.

The Education Department, which reviewed the report before it was published, agreed with the GAO’s recommendations, but expressed some concerns about its lack of authority over security standards for school districts.

Events

Classroom Technology K-12 Essentials Forum Making Technology Work Better in Schools
Join experts for a look at the steps schools are taking (or should take) to improve the use of technology in schools.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Budget & Finance Webinar
The ABCs of ESSER: How to Make the Most of Relief Funds Before They Expire
Join a diverse group of K-12 experts to learn how to leverage federal funds before they expire and improve student learning environments.
Content provided by Johnson Controls
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Modernizing Principal Support: The Road to More Connected and Effective Leaders
When principals are better equipped to lead, support, and maintain high levels of teaching and learning, outcomes for students are improved.
Content provided by BetterLesson

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security 'There Are So Many Issues’: Why Schools Are Struggling to Protect Student Data
While efforts have been made to protect student data, there are still troubling examples of data breaches.
8 min read
Illustration of numerous computer windows overlapping with creepy eyeballs inside the close, open, and minimize circles within the various window screens.
Daniel Hertzberg for Education Week
Privacy & Security Download Be Ready When Parents Ask These 7 Questions About Data Privacy
These questions offer a roadmap for issues that K-12 leaders should be prepared to discuss.
1 min read
Data security and privacy concept. Visualization of personal or business information safety.
iStock/Getty Images Plus
Privacy & Security Cyber Hackers Attack Schools More Often Than You Think: 8 Ways to Stop Them
Experts say there’s no magic formula for districts to completely protect themselves from these incidents, but there are ways to reduce risk.
1 min read
Image of a red glowing caution sign over a dark field of data.
Getty
Privacy & Security What Schools Can Learn From the Biggest Cyberattack Ever on a Single District
Hackers infiltrated a New York City school district vendor, jeopardizing personal information for 820,000 current and former students.
2 min read
Gloved hand reaching into a laptop screen hacking someone's account.
iStock/Getty Images Plus