Privacy & Security

Cyberattacks on Schools Soared During the Pandemic

By Alyson Klein — March 10, 2021 3 min read
Image shows a glowing futuristic background with lock on digital integrated circuit.
  • Save to favorites
  • Print

Cyberattacks on school districts surged by a whopping 18 percent in calendar year 2020, likely due to the greater reliance on classroom technology during the pandemic, according to a report released March 10 by the K12 Security Information Exchange and the K-12 Cybersecurity Resource Center.

There were 408 publicly disclosed cyberattacks last calendar year, compared with 348 in 2019, the report found. That amounts to more than two attacks per school day. It’s also the highest number of attacks since the Center first began tracking these incidents in 2016.

The pandemic “offered a profound stress test of the resiliency and security of the K-12 educational technology ecosystem,” the report concluded. “The evidence suggests that in rapidly shifting to remote learning school districts not only exposed themselves to greater cybersecurity risks but were also less able to mitigate the impact of the cyber incidents they experienced.”

School districts should review their plans for keeping tech operations running smoothly during future emergencies, the report suggested.

In addition to the usual cyberattacks—denial of service, ransomware, phishing, and data breaches—the past year saw the introduction of a brand-new type of cyberattack: Invasions. ‘Class invasions,’ also known as ‘Zoom raids’ or ‘Zoom bombing,’ included unauthorized people disrupting online classes, often with hate speech, sexual or shocking images, videos, or threats.

So-called ‘meeting invasions’ used similar tactics and were targeted mostly at PTA meetings, school board meetings, virtual open houses, and other events drawing relatively larger groups of people. And ‘email invasions’ typically entailed breaking into district email servers and using them to send hate speech, distressing images, and other inappropriate content to many people on district email lists.

The pandemic may be a big part of the reason for the spike in cyberattacks, the report says. That’s because schools increased their use of technology dramatically beginning last spring, including by handing out thousands of new devices, using new platforms without a lot of training for teachers, and allowing educators to use free apps that hadn’t been carefully scrutinized for privacy and security factors.

What’s more, school district IT staff may have used new remote access tools to keep teachers and students connected, creating more opportunities for hackers to get into their district networks. And, in districts where students returned in the fall of 2020 for some in-person instruction, many students and teachers brought back devices that were used on home networks that were not necessarily secure. That could have paved the way for malware— software specifically designed to disrupt, damage, or gain unauthorized access to a computer system—to enter district networks.

What kind of schools are most likely to be attacked? Traditional public schools lead the pack. And 12 percent of schools that were attacked once in 2020 experienced a second attack at another point in the year.

The report also found that urban districts are more likely to be attacked than small, rural ones. City districts make up just 6 percent of all districts, but were the target of 21 percent of the cyberattacks. Meanwhile, large districts, defined as those with more than 10,000 students,comprise just 8 percent of districts, but experienced 31 percent of the attacks.

What should be done about cyberattacks?

For one thing, school districts should carefully examine the security practices of their vendors before they sign long-term contracts, the report recommends. Schools will need greater resources for cybersecurity if they are going to implement federal guidance on how best to safeguard their schools. And it’s important for educators and students to understand basic cybersecurity measures, the report notes.

Related Tags:

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Reading & Literacy Webinar
The Future of the Science of Reading
Join us for a discussion on the future of the Science of Reading and how to support every student’s path to literacy.
Content provided by HMH
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
College & Workforce Readiness Webinar
From Classrooms to Careers: How Schools and Districts Can Prepare Students for a Changing Workforce
Real careers start in school. Learn how Alton High built student-centered, job-aligned pathways.
Content provided by TNTP
Student Well-Being Live Online Discussion A Seat at the Table: The Power of Emotion Regulation to Drive K-12 Academic Performance and Wellbeing
Wish you could handle emotions better? Learn practical strategies with researcher Marc Brackett and host Peter DeWitt.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Tech Glitch Could Have Exposed Thousands of School Districts' Confidential Files
The incident shows the challenges school districts and education companies face in protecting sensitive data.
3 min read
Eye of the hacker in a keyhole . Spyware, hacking, cybercrime concept. Vector illustration.
DigitalVision Vectors/Getty
Privacy & Security PowerSchool Paid a Hacker's Ransom. Now Cyber Criminals Are Threatening Schools
More extortion attempts are possible, and districts affected by the data breach should be prepared.
The New York Stock Exchange is decorated on July 28, 2021 for the first day of public trading of the cloud-based educational software maker, PowerSchool.
The New York Stock Exchange is decorated on July 28, 2021, on the first day of public trading of the cloud-based educational software maker, PowerSchool.
Richard B. Levine/Alamy
Privacy & Security 4 Things to Know About School Cybersecurity and Trump Funding Cuts
Schools stand to lose significant cybersecurity support as the Trump administration and DOGE slash and rearrange the federal government.
uturistic digital technological background with hexagonal elements, yellow glowing warning signs and binary code. Encryption your data. Big data security. Safe your data. Cyber internet security and privacy concept.
iStock/Getty
Privacy & Security Could Trump Budget Cuts Lead to More Cyberattacks Against Schools?
Schools stand to lose vital cybersecurity support as the Education Department is forced to suspend a cybersecurity initiative.
Illustration of setting computer security settings. Vector illustration of computer privacy management.
iStock/Getty